Abstract: OpenDXL is an open API that enables devices to share intelligence and orchestrate security operations in real time. This security-connected platform from McAfee provides a unified framework for hundreds of products, services, and partners already adopted in the field. Any organization can improve its security posture and minimize operational costs through the platform's capabilities. The platform leverages a real-time data exchange framework to build collective threat intelligence so that endpoint, network, and cloud countermeasures protect and detect as one.
The tutorial includes a review of the problem space and the use cases to be supported, then matches them against the proposed platform capabilities, including open APIs. After reviewing concrete examples of real-world integrations by partners and customers, we will discuss how to develop by leveraging current APIs and creating new ones. To complete the tutorial, students will be challenged with hands-on exercises reusing both Python and Node-RED samples from OpenDXL to add security-related behaviors to the platform.

The content in these slides was presented during the BehAPI 2019 Summer School in Leicester.
