Skip to content
/ dxlwildfiretie Public

Integrate Palo Alto Network's Wildfire verdicts into TIE reputations.

2 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

opendxl-community/dxlwildfiretie

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
dxlwildfiretie
dxlwildfiretie
 
 
README
README
 
 
README.md
README.md
 
 
common.py
common.py
 
 
dxlclient.config
dxlclient.config
 
 
requirements.txt
requirements.txt
 
 
wf.config
wf.config
 
 

Repository files navigation

OpenDXL-WildFireTIE

The Wildfire TIE DXL Python application polls the Wildfire analysis data and updates TIE over the DXL fabric.

Introduction

Customers are regularly challenged by having made multiple high dollar investments in disjointed best of breed solutions. As such, point-to-point integration is usually required to bridge the gap in architectures offering synergistic value to the organization. And, since WildFire is a very popular sandbox technology from PaloAlto Networks that many customers employ, this module integrates the value of WildFire sandboxing technologies, cloud or on premise appliances, with the effective threat mitigation at the endpoint offered by McAfee's Threat Intelligence Exchange (TIE).

Startup

Launch the integration process by executing:

#python wf.py

Setup

To run OpenDXL-WildFireTIE install Python 2.7 or later. Python 3 is not currently supported.

Install the required dependencies with the requirements.txt file:

$ pip install -r requirements.txt

This will install the requests module.

McAfee OpenDXL SDK

https://www.mcafee.com/us/developers/open-dxl/index.aspx

McAfee Threat Intelligence Exchange (TIE) DXL Python Client Library at the follow link:

https://github.com/opendxl/opendxl-tie-client-python/wiki

  • Certificate Files Creation link
  • ePO Certificate Authority (CA) Import link
  • ePO Broker Certificates Export link

Edit the dxlclient.config

Provision DXL client certificates and fill in the broker list for the DXL Client.

[Certs]
BrokerCertChain=certs/brokercert.crt
CertFile=certs/client.crt
PrivateKey=certs/client.key

[Brokers]
{}={};8883;

For more information on configuring the DXL client see the OpenDXL Python Client SDK Documentation

wf.config

Update the wf.config file with the WildFire API key. Please consult the WildFire documentation for steps to obtain the key. It is recommended to use the WildFire appliance as your source for intelligence.

wf_age: How far back should the WildFire repository go?

wf_host: This defaults to WildFire cloud. Please update with the location of your appliance if you have a WildFire on-premise deployment.

[wildfire]
apikey=<API KEY FROM WILDFIRE>
wf_age=1

# This is the default cloud instance which returns all entries
# not just what your organization submitted. Please change this to your
# appliance if you have one
wf_host=https://wildfire.paloaltonetworks.com

About

Integrate Palo Alto Network's Wildfire verdicts into TIE reputations.

Resources

Readme
Activity
Custom properties

Stars

2 stars

Watchers

4 watching

Forks

1 fork
Report repository

Releases 1

First release of the TIE/WildFire integration using DXL Latest
Jul 18, 2017

Packages

No packages published

Languages