Erik

OpenDXL vs IntelMQ

I can't really make it up myself: how does OpenDXL compare to IntelMQ? https://github.com/certtools/intelmq

Where do the two overlap, and how might they be good additions to one another?

1 Reply

Re: OpenDXL vs IntelMQ

Great question.

First, I need to qualify my response with the fact that I know very little about IntelMQ. However, after a cursory look at the FAQ, some high-level descriptions, and examples, it appears that the goals of the two projects are quite different.

The primary goals of IntelMQ appear to be:

  • Normalization of a large number of data feeds (security feeds, log files, tweets) using a message queueing protocol
  • Support a wide variety of these data feeds in a consistent manner (JSON, etc.)
  • Ability to persist the feeds in a variety of systems (Splunk, ElasticSearch, etc.)

The primary goals of DXL are:

  • Ability to connect a large number of clients (100s of thousands to millions) on a distributed fabric (may extend across large geographic regions with fault tolerance)
  • Share near real-time security events with those clients (reputation change for a file, etc.)
  • Easily allow security products to integrate with the fabric (TIE, MAR, Rapid7, Aruba, CheckPoint, etc.) and make their functionality available to the connected clients in a way that hides deployment details (topic-based communication)
  • Secure the fabric in a consistent way (PKI-based mutual authentication and certificate-based authorization)

The two projects seem very complementary, in fact. Exposing IntelMQ normalized events to the DXL fabric would be something that would seem to be fairly straightforward (they have an example that shows a similar integration with Splunk).

Thanks again for the question,

Chris
