Enrich McAfee DXL using 3rd party sandbox v2

Example of bridging DXL to a third party sandbox. Detonate a file in 3rd party sandbox and if malicious, push its MD5, SHA1 and SHA256 hashes to McAfee DXL.

McAfee DXL · 5 tasks · 0 inputs · 0 outputs

Commands used

closeInvestigation dxl-send-event

Flowchart

yes Start Start Any malicious files detected? - Exists Any malicious files detec... Exists Close incident - closeInvestigation Close incident closeInvestigation DXL - Push file hashes as malicious - dxl-send-event DXL - Push file hashes as... dxl-send-event Detonate File - Generic - Detonate File - Generic Detonate File - Generic Detonate File - Generic