Automated Threat Intelligent System integrated with McAfee Advanced Threat Defense and Malware Information Sharing Platform
Automated Threat Intelligent System
An improvised automated threat intelligent system with advanced vulnerability scanners and open-source intelligence information-gathering Python scripts can, when integrated with McAfee Advanced Threat Defense and the Malware Information Sharing Platform, defend against new and future cyber attacks.
ATD-MISP with OpenDXL
This integration focuses on automated threat intelligence collection with McAfee ATD, OpenDXL, and MISP. McAfee Advanced Threat Defense (ATD) produces local threat intelligence that is pushed via DXL. An OpenDXL wrapper subscribes to and parses the indicators ATD produces, then imports them into a threat intelligence management platform (MISP).
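The parse-and-import step described above, as an added example that is not this project's code: it validates indicators from a sandbox report and maps them to a MISP event structure, dropping malformed, duplicate and non-routable values so they never become detection indicators. The report field names, the severity threshold and the sample data are assumptions constructed for illustration; ATD's actual DXL payload is not shown on this page.

```python
import ipaddress
import re

HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}  # hex length -> MISP type
HEX_RE = re.compile(r"[0-9a-f]+")

# Constructed sample; field names are assumptions, not ATD's report schema.
SAMPLE_REPORT = {
    "file_name": "invoice.exe", "severity": 4,
    "hashes": ["d41d8cd98f00b204e9800998ecf8427e",
               "D41D8CD98F00B204E9800998ECF8427E",  # duplicate, other case
               "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
               "not-a-hash"],
    "ips": ["93.184.216.34", "10.0.0.5", "999.1.1.1"],
    "urls": ["http://malware.example/payload.bin", "not a url"],
}


def report_to_misp_event(report, min_severity=3):
    """Return a MISP event dict, or None if nothing should be imported."""
    severity = int(report.get("severity", 0))
    if severity < min_severity:  # threshold is an assumption
        return None
    attrs, seen = [], set()

    def add(attr_type, category, value):
        if (attr_type, value) not in seen:  # de-duplicate
            seen.add((attr_type, value))
            attrs.append({"type": attr_type, "category": category,
                          "value": value, "to_ids": True})

    for h in (x.strip().lower() for x in report.get("hashes", [])):
        if HEX_RE.fullmatch(h) and len(h) in HASH_TYPES:
            add(HASH_TYPES[len(h)], "Payload delivery", h)
    for raw in report.get("ips", []):
        try:
            addr = ipaddress.ip_address(raw.strip())
        except ValueError:
            continue  # malformed address: do not import
        if addr.is_global:  # drop private, loopback and reserved ranges
            add("ip-dst", "Network activity", str(addr))
    for url in (x.strip() for x in report.get("urls", [])):
        if url.lower().startswith(("http://", "https://")):
            add("url", "Network activity", url)
    if not attrs:
        return None
    return {"Event": {
        "info": "ATD analysis: " + str(report.get("file_name", "unknown")),
        "distribution": 0,  # your organisation only
        "threat_level_id": 1 if severity >= 4 else 2,  # 1 high, 2 medium
        "analysis": 2,  # completed
        "Attribute": attrs}}
```

The returned dictionary follows MISP's event JSON layout, so it can be handed to whichever MISP client the deployment uses.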
Component Description
McAfee Advanced Threat Defense (ATD) is a malware analytics solution that combines signatures and behavioral analysis techniques to rapidly identify malicious content and provide local threat intelligence. ATD exports IOC data in STIX format in several ways, including over DXL. https://www.mcafee.com/in/products/advanced-threat-defense.aspx
MISP threat sharing platform is free and open-source software that supports the sharing of threat and cybersecurity indicators. https://github.com/MISP/MISP
Install & Use
Copyright (c) 2019 Kai Iyer