IBM Security Network Protection (XGS) provides a web services API that enables third-party applications such as Deep Discovery Director (Consolidated Mode) to directly submit suspicious objects. IBM XGS can perform the following functions:
Quarantine hosts infected with malware
Block communication to C&C servers
Block access to URLs found to be distributing malware
To integrate Deep Discovery Director (Consolidated Mode) with IBM XGS, configure a generic agent to do the following:
Accept alerts that adhere to a specific schema
Create quarantine rules based on a generic ATP translation policy
The ATP translation policy allows several categories of messages to take different actions on IBM XGS, including blocking and alerting.