DXL

DXL stands for Data Exchange Layer, a platform originally developed by McAfee and later associated with Trellix that provides a centralized, brokered messaging fabric for interoperable security tools. The goal of DXL is to enable rapid, automated sharing of telemetry, indicators, and actions across a range of security products and services, helping organizations coordinate detection and response more effectively.

DXL uses a broker-based architecture in which software components act as DXL clients that publish or subscribe to topics on one or more DXL brokers. Messages flow through the fabric and are delivered to all interested subscribers, enabling real-time or near-real-time collaboration between endpoint, network, and cloud security tools. Security is a core design feature, with authentication and encryption designed to protect message exchange and to ensure that only trusted components participate in the fabric. The system supports asynchronous communication and decouples producers from consumers, which helps scale integrations across large environments.

OpenDXL refers to the open-source portion of the project, providing libraries and connectors that allow third-party tools to participate in the DXL ecosystem. OpenDXL offers client libraries for multiple programming languages and provides sample integrations and connectors to facilitate building new integrations with the DXL fabric.

Common use cases include automatic sharing of threat intelligence, coordinated containment actions, and rapid orchestration of security workflows across disparate tools. By centralizing data exchange, DXL aims to reduce mean time to detect and respond to threats through interoperable, decentralized collaboration across security solutions.