McAfee^® Data Exchange Layer (DXL)

Integration with DXL will expose Fortra's Fortra VM API calls allowing the application to query the API for asset and related vulnerability information.

The OpenDXL Fortra’s Fortra VM application also publishes scan related events allowing other DXL applications to subscribe to these as they occur. For example, one of the events published is a scan completion event. When a scan completes for a given client, the completed scan event is published to the /DigitalDefense/event/Frontline/IP/ScanComplete topic, and any DXL application which has subscribed to this topic, will receive scan completion notifications in real-time as they are published.

This also allows other third party integrated DXL applications, to query Fortra VM over DXL, as well as register for important Fortra VM related events, without having to integrate directly with Fortra VM.

Requirements

To integrate with DXL, perform the following (see below for detailed instructions):

• DXL Broker such as OpenDXL Broker
• OpenDXL Python Client
• Perform provisioning: Provisioning Overview
• Fortra VM API Key
• Fortra VM DXL Integration Package with the following files:

  ddi_config.py

  ddi_event_publisher.py

  ddi_service_provider.py

Configure Integration

Install Instance of Data Exchange Layer (DXL) Broker

Install an open source version of a DXL Broker called OpenDXL Broker, instance as described by McAfee here:

Download the open source version: OpenDXL Broker:

Install the Official OpenDXL Python Client

The python client is for communicating with a DXL fabric and will enable connection with the McAfee DXL messaging fabric for the purpose of receiving Fortra VM events and invoking Fortra VM services.

Install the OpenDXL Python Client here: OpenDXL Python Client

Perform Provisioning

In order for the Fortra VM client to connect to the DXL fabric, it must be provisioned. Using the official OpenDXL python client generate certificate information required to establish an authenticated connection to the fabric, as well as information regarding the brokers to connect to.

Read the OpenDXL Python SDK documentation to perform provisioning: Provisioning Overview:

Generate a Fortra VM API Key

1. Log in to Fortra VM.

2. In the site heater, select your name and choose My profile.

3. On the API Tokens tab, select Create new token.

4. In the Add New Token dialog, type the token name and select OK.

5. Below your token name, selecting Click to show key displays your API Key.



IMPORTANT: An API Key is equivalent to a user’s password. Do not use a key with more than one product integration. If you believe a key is compromised, delete the token from Fortra VM immediately by selecting the trash can icon and resulting check-mark to confirm.

Configure Fortra VM Scripts

Once you have successfully performed provisioning and generated the required certificate information, it is now time to configure the Fortra VM scripts.

Open the python file ddi_config.py configuration file and set these variables accordingly:

1. Set the API_TOKEN variable to your generated Fortra VM API token.
2. Note the location of the dxlclient.config file generated from provisioning in the previous step. Set the path of this configuration file for the CONFIG_FILE variable name as :
   CONFIG_FILE = “root/configFiles/ePO-config/dxlclient.config”
3. Save and close this file.

Run Fortra VM Scripts

The Fortra VM client is now configured and ready to run.

• To invoke the available Fortra VM services, run ddi_service_provider.py

• To receive any available Fortra VM events, run ddi_event_publisher.py