Skip to content

Basic Set Reputation Example

Jump to bottom
Jeremy Barlow edited this page Mar 28, 2018 · 11 revisions

This sample demonstrates invoking the McAfee Threat Intelligence Exchange (TIE) DXL service to set the enterprise-specific trust level of a file (as identified by its hashes).

The majority of the sample code is shown below:

Sample Code

# Create the client
with DxlClient(config) as client:

    # Connect to the fabric
    client.connect()

    # Create the McAfee Threat Intelligence Exchange (TIE) client
    tie_client = TieClient(client)

    # Set the Enterprise reputation for notepad.exe to Known Trusted
    tie_client.set_file_reputation(
        TrustLevel.KNOWN_TRUSTED, {
            HashType.MD5: "f2c7bb8acc97f92e987a2d4087d021b1",
            HashType.SHA1: "7eb0139d2175739b3ccb0d1110067820be6abd29",
            HashType.SHA256: "142e1d688ef0568370c37187fd9f2351d7ddeda574f8bfa9b0fa4ef42db85aa2"
        },
        filename="notepad.exe",
        comment="Reputation set via OpenDXL")

    print("Succeeded.")

Once a connection is established to the DXL fabric, a TieClient instance is created which will be used to communicate with the TIE DXL services.

The enterprise-specific trust level is established for the file by invoking the set_file_reputation() method of the TieClient instance along with the hash values used to identify the file.

The filename and comment are optional, but are useful in identifying the file that is associated with the hashes (especially if the file did not previously exist in the TIE repository).

Output

If the set reputation operation succeeds the following message will be displayed:

Succeeded.

Home

McAfee Threat Intelligence Exchange (TIE) Python Client Library

SDK Modules

Examples

Clone this wiki locally