Node-RED Flow: Receive ePO Threat Event via DXL

  • mcafee added a new solution:

    Prerequisites

    • The OpenDXL and McAfee ePolicy Orchestrator (ePO) DXL modules have been added to the Node-RED palette.
    • A DXL client has been configured in Node-RED (see Client Configuration).
    • An ePO DXL service is running and available on the DXL fabric. If version 5.0 or later of the DXL ePO extensions is installed on your ePO server, an ePO DXL service should already be running on the fabric. If you are using an earlier version of the DXL ePO extensions, you can use the ePO DXL Python Service.
    • The Node-RED DXL client is authorized to receive "ePO Threat Event Automatic Response Events" (see Client Authorization).
    • Under the "Automatic Responses" page on the ePO server, ensure that a "Send Threat Event via DXL" response is set to "Enabled".




    Here is the Node-RED flow content for this solution: