Basic Detection Callback Example
This sample demonstrates registering a callback with the DXL fabric to receive
detection events sent by the McAfee Threat Intelligence Exchange (TIE) DXL
service when detections occur on managed systems.
The majority of the sample code is shown below:
    // Create the client
    var client = new dxl.Client(config)

    // Connect to the fabric, supplying a callback function which is invoked
    // when the connection has been established
    client.connect(function () {
      // Create the McAfee Threat Intelligence Exchange (TIE) client
      var tieClient = new TieClient(client)

      // Register detection callback with the client
      tieClient.addFileDetectionCallback(function (detectionObj, originalEvent) {
        // Display the DXL topic that the event was received on
        console.log('Detection on topic: ' + originalEvent.destinationTopic)
        // Dump the detection info
        console.log(MessageUtils.objectToJson(detectionObj, true))
      })

      // Wait forever
      console.log('Waiting for detection events...')
    })
Once a connection is established to the DXL fabric, the callback function
supplied to the DXL client instance's connect() method will be invoked. From
within the callback function, a TieClient instance is created. The TieClient
instance will be used to communicate with the TIE DXL services.
Next, a call is made to the TieClient instance's addFileDetectionCallback()
method to register a function to be invoked when detection events occur.
When a detection event occurs, the detection callback will display the topic
that the event was received on. The detection details are printed by converting
the detectionObj object to JSON with a call to the MessageUtils.objectToJson()
method.
When a detection event is received, the output should appear similar to the following:
    Detection on topic: /mcafee/event/tie/file/detection
    {
        "agentGuid": "{68125cd6-a5d8-11e6-348e-000c29663178}",
        "detectionTime": 1481301796,
        "hashes": {
            "md5": "eb5e2b9dc51817a086d7b97eb52410ab",
            "sha1": "435dfd470f727437c7cb4f07cba1f9a1f4272656",
            "sha256": "414bb16b10ece2db2d8448cb9f313f80cb77c310ca0c19ee03c73cba0c16fedb"
        },
        "localReputation": 1,
        "name": "FOCUS_MALWARE2.EXE",
        "remediationAction": 5
    }
The first line displays the DXL topic that the event was received on. In this
particular case it is "/mcafee/event/tie/file/detection", which indicates that
this is a file detection event.
The following information is included in the detection object:
- System the detection occurred on.
- Time the detection occurred (Epoch time).
- File that triggered the detection (file name and associated hashes).
- Reputation value that was calculated locally which triggered the detection.
- Remediation action that occurred in response to the detection.
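A detection callback usually forwards these fields to a log pipeline or SIEM rather than printing them. The following is an added example, not part of the original sample or the client library: it validates and normalizes a detection object with the field names shown in the output above before it is passed on. The names normalizeDetection, HASH_LENGTHS, GUID_RE and the output field names detectedAt and fileName are hypothetical.

```javascript
// Added example (not from the client library). Field names on the input are
// the ones in the sample output on this page; all helper names are hypothetical.

// Expected hex digest length for each hash type in the sample output
var HASH_LENGTHS = { md5: 32, sha1: 40, sha256: 64 }
var GUID_RE = /^\{?([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})\}?$/i

function normalizeDetection (detectionObj) {
  if (detectionObj === null || typeof detectionObj !== 'object') {
    throw new TypeError('detection is not an object')
  }
  var guid = GUID_RE.exec(String(detectionObj.agentGuid))
  if (!guid) { throw new Error('malformed agentGuid') }
  var time = detectionObj.detectionTime
  if (!Number.isInteger(time) || time < 0) {
    throw new Error('detectionTime is not an epoch timestamp')
  }
  if (typeof detectionObj.name !== 'string') { throw new Error('missing file name') }
  var hashes = {}
  Object.keys(HASH_LENGTHS).forEach(function (type) {
    var value = (detectionObj.hashes || {})[type]
    if (value === undefined) { return } // assumption: a hash type may be absent
    var hexRe = new RegExp('^[0-9a-fA-F]{' + HASH_LENGTHS[type] + '}$')
    if (typeof value !== 'string' || !hexRe.test(value)) {
      throw new Error('malformed ' + type + ' hash')
    }
    hashes[type] = value.toLowerCase()
  })
  if (Object.keys(hashes).length === 0) { throw new Error('no usable file hash') }
  return {
    agentGuid: guid[1].toLowerCase(), // braces stripped for joins with asset data
    detectedAt: new Date(time * 1000).toISOString(), // epoch seconds to ISO 8601 UTC
    // Replace control characters so a file name cannot inject lines into a log
    fileName: detectionObj.name.replace(/[\x00-\x1f\x7f]/g, '?'),
    hashes: hashes,
    localReputation: detectionObj.localReputation,
    remediationAction: detectionObj.remediationAction
  }
}

// Constructed input: the sample detection from the output shown above
var sample = {
  agentGuid: '{68125cd6-a5d8-11e6-348e-000c29663178}',
  detectionTime: 1481301796,
  hashes: { md5: 'eb5e2b9dc51817a086d7b97eb52410ab', sha1: '435dfd470f727437c7cb4f07cba1f9a1f4272656', sha256: '414bb16b10ece2db2d8448cb9f313f80cb77c310ca0c19ee03c73cba0c16fedb' },
  localReputation: 1, name: 'FOCUS_MALWARE2.EXE', remediationAction: 5
}
console.log(JSON.stringify(normalizeDetection(sample), null, 2))
```

Inside the callback registered with addFileDetectionCallback(), wrap the call in try/catch so a malformed event is logged and skipped instead of stopping the handler.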