mcafee added a new version:
Release notes:
- Updated Dockerfile to use slim vs. alpine (glibc issues)
mcafee added a new version:
Release notes:
- Updated Dockerfile to include VOLUME definition
mcafee added a new version:
Release notes:
- Proper UTF-8 encoding/decoding for "other" fields (Message class) and "error message" field (ErrorResponse class)
- Documentation cleanup
mcafee added a new solution:
Unlike traditional sandboxes, it includes additional inspection capabilities that broaden detection and expose evasive threats. Tight integration between security solutions—from network to endpoint—enables instant sharing of threat information across the environment, enhancing protection and investigation. Flexible deployment options support every network.
After inspection, Advanced Threat Defense will publish the file’s reputation to the Data Exchange Layer (DXL) fabric. At that point, all products on the DXL fabric will be notified if it is malicious or safe.
opendxl added a new solution:
Overview
The URLVoid DXL Python service exposes access to the URLVoid API via the Data Exchange Layer (DXL) fabric.
The URLVoid service helps you identify websites involved in malware incidents, fraudulent activities and phishing schemes.
Documentation
See the Wiki for an overview of the URLVoid DXL Python service and usage examples.
See the URLVoid API DXL Python service documentation for installation instructions, API documentation, and usage examples.
Icon by Eezy licensed under Attribution-ShareAlike 3.0 Unported (CC BY-SA 3.0).
mcafee added a new version:
OpenDXL Python Client 3.1.0.586 Release
Release notes:
- Updated on_disconnect callback to execute on a separate thread (to avoid conflict with event loop)
mcafee added a new version:
OpenDXL Python Client 3.1.0.585 Release
Release notes:
- Improved logging
- Added ability to set "other" and "multi-tenancy" fields on messages
- Fixed timer-related error that would sometimes occur when exiting
mcafee added a new solution:
The escalating sophistication of cyberthreats requires a new generation of protection for endpoints. Advancing threats and the increasing risk of unknown vulnerabilities are causing organizations to piece together overlapping, disconnected security solutions that provide limited visibility and increased complexity.
McAfee solves this problem with McAfee Endpoint Threat Defense and Response. Both solutions leverage static and behavioral analysis and synthesized intelligence to protect, detect, correct, and adapt to combat emerging threats. Connected components automatically share valuable security information over the McAfee Data Exchange Layer (DXL) with the endpoint. They can also communicate threat intelligence and reputation changes to other DXL-connected services beyond the endpoint. OpenDXL provides options for connecting to these McAfee products and leveraging this intelligence further, as well as instructing products to take action using an OpenDXL orchestration script or service request.
DXL-enabled Components in this suite:
- McAfee Endpoint Threat Prevention Module for Endpoint Security: Provides a single endpoint platform for multiple services
- McAfee Active Response: Endpoint Detection and Response (EDR) collects endpoint insights and takes action
- McAfee Threat Intelligence Exchange: Manages reputation data and can share updates and respond to requests made over DXL
- McAfee Data Exchange Layer Client: Plugs in seamlessly to the McAfee Endpoint Threat Prevention Module to connect to DXL services
- McAfee ePolicy Orchestrator: Provides unified policy management and reporting and manages the DXL fabric
Connected components automatically share valuable security information through McAfee Data Exchange Layer (DXL).
An OpenDXL TIE Python client is available for accessing McAfee Threat Intelligence Exchange information via DXL.
An OpenDXL MAR Python client is available for accessing McAfee Active Response information via DXL.
mcafee added a new solution:
Overview
The McAfee Active Response (MAR) DXL Python client library provides a high level wrapper for the MAR Data Exchange Layer (DXL) API.
The purpose of this library is to allow users to perform MAR searches without having to focus on lower-level details such as MAR-specific DXL topics and message formats.
Documentation
See the Wiki for an overview of the McAfee Active Response (MAR) DXL Python client library and examples.
See the McAfee Active Response (MAR) DXL Python Client Library Documentation for installation instructions, API documentation, and examples.
mcafee added a new solution:
McAfee Threat Intelligence Exchange shares and exchanges emerging threat data instantly, operationalizing intelligence sharing and encouraging rapid response across your endpoint, gateway, network, and data center security solutions in real time. Making the most of locally generated intelligence and McAfee Global Threat Intelligence, it continually assesses evolving reputations. As reputations change, updates are distributed over the Data Exchange Layer immediately, allowing security solutions from any vendor to operate as one, exchanging and acting on shared intelligence.
As the first service over the Data Exchange Layer, TIE has the most extensive integration ecosystem. Many McAfee and industry products consume updated reputations and then take action, or send TIE changes to reputations, for example when a sandbox convicts a file, or a SIEM uses a TIE reputation to score an IOC.
An OpenDXL TIE Python client is available for accessing McAfee Threat Intelligence Exchange information via DXL.
mcafee added a new solution:
Overview
The McAfee ePolicy Orchestrator (ePO) DXL Python client library provides a high level wrapper for invoking ePO remote commands via the Data Exchange Layer (DXL) fabric.
The purpose of this library is to allow users to invoke ePO remote commands without having to focus on lower-level details such as ePO-specific DXL topics and message formats.
This client requires an ePO DXL service to be running and available on the DXL fabric.
A Python-based implementation of an ePO DXL service is available here:
Documentation
See the Wiki for an overview of the McAfee ePolicy Orchestrator (ePO) DXL Python Client Library and examples.
See the McAfee ePolicy Orchestrator (ePO) DXL Python Client Library Documentation for installation instructions, API documentation, and examples.
opendxl added a new solution:
Overview
The MaxMind DXL Python client library provides a high level wrapper for invoking MaxMind Geolocation Lookups via the Data Exchange Layer (DXL) fabric.
This client requires the MaxMind DXL Service to be running and available on the DXL fabric.
Documentation
See the Wiki for an overview of the MaxMind DXL Python Client Library and examples.
See the MaxMind DXL Python Client Library for installation instructions, API documentation, and examples.
Icon made by Freepik from www.flaticon.com
mcafee added a new solution:
Overview
The McAfee Threat Intelligence Exchange (TIE) DXL Python client library provides a high level wrapper for the TIE Data Exchange Layer (DXL) API.
The purpose of this library is to allow users to access the features of TIE (manage reputations, determine where a file has executed, etc.) without having to focus on lower-level details such as TIE-specific DXL topics and message formats.
Documentation
See the Wiki for an overview of the McAfee Threat Intelligence (TIE) DXL Python client library and examples.
See the McAfee Threat Intelligence (TIE) DXL Python Client Library Documentation for installation instructions, API documentation, and examples.
opendxl added a new solution:
Overview
The VirusTotal DXL Python client library provides a high level wrapper for invoking the VirusTotal API via the Data Exchange Layer (DXL) fabric.
This client requires the VirusTotal API DXL Service to be running and available on the DXL fabric.
Documentation
See the Wiki for an overview of the VirusTotal DXL Python Client Library and examples.
See the VirusTotal DXL Python Client Library for installation instructions, API documentation, and examples.
Icon by Neurovit licensed under Attribution-ShareAlike 3.0 Unported (CC BY-SA 3.0).
opendxl added a new solution:
Overview
The purpose of the OpenDXL Bootstrap application is to generate the structure and related files necessary (a project) for developing a Data Exchange Layer (DXL) integration with Python. Multiple templates are available which control the type of project to generate (a client wrapper, a persistent application which exposes services, etc.).
Documentation
See the Wiki for an overview of the OpenDXL Bootstrap application and usage examples.
See the OpenDXL Bootstrap application documentation for installation instructions and usage examples.
mcafee added a new solution:
Overview
The McAfee ePolicy Orchestrator (ePO) DXL Python service exposes access to ePO's remote commands via the Data Exchange Layer (DXL) fabric.
Documentation
See the Wiki for an overview of the McAfee ePolicy Orchestrator (ePO) DXL Python service and usage examples.
See the ePolicy Orchestrator (ePO) DXL Python service documentation for installation instructions, API documentation, and usage examples.
opendxl added a new solution:
Overview
The MaxMind DXL Python service exposes IP geo-location lookups in a MaxMind GeoLite2 or GeoIP2 database via the Data Exchange Layer (DXL) fabric.
Documentation
See the Wiki for an overview of the MaxMind DXL Python service and usage examples.
See the MaxMind API DXL Python service documentation for installation instructions, API documentation, and usage examples.
Icon made by Freepik from www.flaticon.com