-
Notifications
You must be signed in to change notification settings - Fork 1
Basic Set File Reputation Example
This sample demonstrates invoking the McAfee Threat Intelligence Exchange (TIE)
DXL service to set the enterprise-specific trust level
of a file (as
identified by its hashes).
The majority of the sample code is shown below:
// Create the client
var client = new dxl.Client(config)
// Hashes for the file whose reputation should be set. These use the hashes for
// notepad.exe by default but could be replaced with appropriate values for the
// file whose reputation should be set.
var FILE_MD5 = 'f2c7bb8acc97f92e987a2d4087d021b1'
var FILE_SHA1 = '7eb0139d2175739b3ccb0d1110067820be6abd29'
var FILE_SHA256 = '142e1d688ef0568370c37187fd9f2351d7ddeda574f8bfa9b0fa4ef42db85aa2'
// Connect to the fabric, supplying a callback function which is invoked
// when the connection has been established
client.connect(function () {
var tieClient = new TieClient(client)
var hashes = {}
hashes[HashType.MD5] = FILE_MD5
hashes[HashType.SHA1] = FILE_SHA1
hashes[HashType.SHA256] = FILE_SHA256
// Set the Enterprise reputation for the file to Known Trusted
tieClient.setFileReputation(
function (error) {
// Destroy the client - frees up resources so that the application
// stops running
client.destroy()
if (error) {
console.log('Error: ' + error.message)
} else {
console.log('Succeeded')
}
},
TrustLevel.KNOWN_TRUSTED,
hashes,
'notepad.exe',
'Reputation set via OpenDXL'
)
})
Once a connection is established to the DXL fabric, the callback function
supplied to the DXL client instance's connect()
method will be invoked. From
within the callback function, a TieClient
instance is created. The TieClient
instance will be used to communicate with the TIE DXL services.
The enterprise-specific trust level
is established for the file by invoking
the TieClient instance's setFileReputation()
method, along with the hash values
used to identify the file.
The filename
and comment
— "notepad.exe" and
"Reputation set via OpenDXL" in the above example, respectively — are
optional but are useful in identifying the particular file that is associated
with the hashes (especially if the file did not previously exist in the TIE
repository).
If the set reputation
operation succeeds the following message will be
displayed:
Succeeded.
McAfee Threat Intelligence Exchange (TIE) DXL Javascript Client Library
SDK Classes
Examples
- Basic
- Service Invocations
- Events
- Advanced
- Service Invocations