-
Notifications
You must be signed in to change notification settings - Fork 1
Basic First Instance Callback Example
This sample demonstrates registering a callback with the DXL fabric to receive
first instance
events sent by the McAfee Threat Intelligence Exchange (TIE)
DXL service when are encountered for the first time within the local enterprise.
The majority of the sample code is shown below:
// Create the client
var client = new dxl.Client(config)
// Connect to the fabric, supplying a callback function which is invoked
// when the connection has been established
client.connect(function () {
// Create the McAfee Threat Intelligence Exchange (TIE) client
var tieClient = new TieClient(client)
// Register first instance callback with the client
tieClient.addFileFirstInstanceCallback(
function (firstInstanceObj, originalEvent) {
// Display the DXL topic that the event was received on
console.log('First instance on topic: ' + originalEvent.destinationTopic)
// Dump the first instance info
console.log(MessageUtils.objectToJson(firstInstanceObj, true))
}
)
// Wait forever
console.log('Waiting for first instance events...')
})
Once a connection is established to the DXL fabric, the callback function
supplied to the DXL client instance's connect()
method will be invoked. From
within the callback function, a TieClient
instance is created. The TieClient
instance will be used to communicate with the TIE DXL services.
Next, a call is made to the TieClient instance's
addFileFirstInstanceCallback()
method to register a function to be invoked
when first instance events occur.
When a new file is encountered within the local enterprise, the first instance
callback will display the topic that the event was received on. The first
instance details are printed by converting the firstInstanceObj
object to JSON
with a call to the MessageUtils.objectToJson()
method.
When a first instance event is received the output should appear similar to the following:
First instance on topic: /mcafee/event/tie/file/firstinstance
{
"agentGuid": "{68125cd6-a5d8-11e6-348e-000c29663178}",
"hashes": {
"md5": "31dbe8cc443d2ca7fd236ac00a52fb17",
"sha1": "2d6ca45061b7972312e00e5933fdff95bb90b61b",
"sha256": "aa3c461d4c21a392e372d0d6ca4ceb1e4d88098d587659454eaf4d93c661880f"
},
"name": "MORPH.EXE"
}
The first line displays the DXL topic that the event was received on. In this
particular case it is, "/mcafee/event/tie/file/firstinstance"
, which
indicates that this is a file first instance event.
The following information is included in the first instance
object:
- System the first instance of the file was found on.
- File information (file name and associated hashes).
McAfee Threat Intelligence Exchange (TIE) DXL Javascript Client Library
SDK Classes
Examples
- Basic
- Service Invocations
- Events
- Advanced
- Service Invocations