Not at the moment. The question was asked of me and I haven't seen anything on the forums or in the docs about if it's even possible. Can you point me to anything?
It's possible but sometimes the requirements may change how you want to implement it.
External Lists is an option, external lists is a feature that allows MWG to call out to a server and ask it for content (xml, json, text, postgres, or ldap). MWG can then consume the response and use it how you like.
Subscribed lists is also an option, there is McAfee Supplied lists and there is customer subscribed lists. You could build your own subscribed lists to do this too.
The difference between External and Subscribed is that External is a real-time (somestimes cached) call to whatever external resource (think YouTube API), where as the subscribed list is more of a download and its kept locally (like the Known CAs).
I prefer subscribed lists when there isnt a need for real time data, but MWG does have caching for External Lists. If you dont think External Lists will work for this let me know. External lists also dont work in Hybrid mode.
For an RSS feed, you'd need an external list (although I do have some ideas for a External List mixed with a Subscribed list...). I picked on from here:
The Xpath syntax is: /rss/channel/item/*[starts-with(name(), 'prx:proxy')]/*[starts-with(name(), 'prx:ip')]/text()
Let me know if that helps get you started!
Here's a ruleset with the example. You'll have to add your self to the "Testing External Lists IPs" to test it. Then visit an IP thats in the list (http://www.proxylists.net/proxylists.xml).
Thanks Jon! I found out that the folks that were asking about his capability want me to use the RSS feed from Microsoft to keep an updated list of Office 365 URLs/IPs.
I know McAfee keeps a maintained set of lists already for various O365 applications but they are concerned that if MS makes an update that McAfee won't be as quick to update their lists as a real time RSS feed list pointing to Microsoft's own list. I don't know how accurate that argument is as I don't know how often MS makes changes and how long it takes McAfee to update and push down the maintained lists.
You have any input on that?
In my experience they dont make changes that often, but I know monitoring is performed for those lists, so when a change does happen it gets propagated pretty quickly.