You can use the DXL technology to send and receive information to and from web security products that are connected to Web Gateway in a common security architecture.
Trellix Data Exchange Layer (DXL) is a messaging technology for real-time information exchange. The technology is used to exchange security-related information, for example, file reputation scores, between Web Gateway and other web security products that are connected to it.
This kind of information exchange is part of a security architecture that is provided by Trellix and is also known as Security Connected.
Scenarios for exchanging web security information
You can exchange information under DXL in two main scenarios. In the first, a message about a security topic is published in an event and received by products that have subscribed to the topic. In the second, a query for information about a security topic is sent to a service, and the service returns a response.
The web security products that are connected to each other, including Web Gateway, take the various roles that belong to these scenarios. Products can be publishers and subscribers. They can also send queries and act as services that queries are sent to.
When a publisher sends DXL messages to the subscribers, the subscribers send no responses. When a DXL message is sent as a query for security-related information to a service, the service sends a response, providing information about the topic that was specified in the query.
Web Gateway supports the sending of DXL messages in events and as queries to a service. It can also receive DXL messages and act as a service that provides information about a web security topic.
NOTE: You can implement the Gateway Anti-Malware with TIE library rule set that uses DXL messages to exchange file reputation information between Web Gateway and a TIE server. This is the only way to use DXL messages on Web Gateway.
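The two scenarios described above, modeled in memory as an added example (not Trellix code, not the DXL client API, and not a Web Gateway configuration). The Fabric class, the topic names, the file identifier and the score are all constructed for illustration.

```python
from collections import defaultdict

class ServiceNotFound(Exception):
    """Raised when a query names a topic that no service has registered."""

class Fabric:
    """In-memory stand-in for a message fabric (hypothetical, not the DXL API)."""

    def __init__(self):
        self._subscribers = defaultdict(list)  # topic -> event callbacks
        self._services = {}                    # topic -> query handler

    def subscribe(self, topic, callback):
        self._subscribers[topic].append(callback)

    def register_service(self, topic, handler):
        self._services[topic] = handler

    def publish_event(self, topic, payload):
        # Scenario 1: one-to-many. Every subscriber gets a copy; none responds.
        for callback in self._subscribers[topic]:
            callback(dict(payload))
        return None

    def query(self, topic, payload):
        # Scenario 2: one-to-one. The registered service returns a response.
        handler = self._services.get(topic)
        if handler is None:
            raise ServiceNotFound(topic)  # no service: fail loudly, never guess
        return handler(dict(payload))

# Constructed sample data: topics, file identifier and score are illustrative.
EVENT_TOPIC = "/example/event/file/reputation-change"
QUERY_TOPIC = "/example/service/file/reputation"
SAMPLE_FILE = "sha256:constructed-sample-0001"
KNOWN_SCORES = {SAMPLE_FILE: 1}

def run_demo():
    fabric = Fabric()
    gateway_inbox, other_inbox = [], []
    fabric.subscribe(EVENT_TOPIC, gateway_inbox.append)
    fabric.subscribe(EVENT_TOPIC, other_inbox.append)
    fabric.register_service(
        QUERY_TOPIC,
        lambda req: {"file": req["file"], "score": KNOWN_SCORES.get(req["file"])},
    )
    event_result = fabric.publish_event(EVENT_TOPIC, {"file": SAMPLE_FILE, "score": 1})
    answer = fabric.query(QUERY_TOPIC, {"file": SAMPLE_FILE})
    return event_result, gateway_inbox, other_inbox, answer

if __name__ == "__main__":
    print(run_demo())
```

A query to a topic with no registered service raises ServiceNotFound, so a caller cannot mistake a missing service for an empty reputation answer.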
Configuring settings for the exchange of web security information
When information about web security topics is exchanged on Web Gateway, several settings are involved. These settings include credentials for a Trellix ePO server, because parts of the DXL architecture are managed by this administration product.
Topics and services for information exchange are part of the settings for the proxy functions of Web Gateway.
DXL messages can also be traced for troubleshooting after you enable the relevant option in the Troubleshooting settings.