IBM Security Network Protection (XGS) provides a web services API that enables third-party applications such as Deep Discovery Director (Internal Network Analytics Version) to directly submit suspicious objects. IBM XGS can perform the following functions:
-
Quarantine hosts infected with malware
-
Block communication to C&C servers
-
Block access to URLs found to be distributing malware
To integrate Deep Discovery Director (Internal Network Analytics Version) with IBM XGS, configure a generic agent to do the following:
-
Accept alerts that adhere to a specific schema
-
Create quarantine rules based on a generic ATP translation policy
The ATP translation policy allows several categories of messages to take different actions on IBM XGS, including blocking and alerting.