def __init__(self, opts):
"""constructor provides access to the configuration options"""
super(FunctionComponent, self).__init__(opts)
try:
self.opts = opts
self.config = opts.get(PACKAGE_NAME).get(self.config_file)
if self.config is None:
log.error(
self.config_file +
" is not set. You must set this path to run this function")
raise ValueError(
self.config_file +
" is not set. You must set this path to run this function")
# Create configuration from file for DxlClient
config = DxlClientConfig.create_dxl_config_from_file(self.config)
# Create client
self.client = DxlClient(config)
self.client.connect()
except AttributeError:
log.error(
"There is no [fn_mcafee_opendxl] section in the config file,"
"please set that by running resilient-circuits config -u")
raise AttributeError(
"[fn_mcafee_opendxl] section is not set in the config file")
class TIEOutputBot(Bot):
def init(self):
if DxlClient is None:
raise ValueError(
"Could not import 'dxlclient'. Please install it.")
self.config = DxlClientConfig.create_dxl_config_from_file(
self.parameters.dxl_config_file)
self.dxlclient = DxlClient(self.config)
def process(self):
event = self.receive_message()
payload = json.dumps(event)
self.dxlclient.connect()
tie_client = TieClient(self.dxlclient)
tie_client.set_file_reputation(
TrustLevel.MOST_LIKELY_MALICIOUS, {
HashType.SHA256: event.get("malware.hash.sha256"),
HashType.SHA1: event.get("malware.hash.sha1"),
HashType.MD5: event.get("malware.hash.md5")
},
filename=event.get("malware.name"),
comment=self.parameters.comment)
self.dxlclient.disconnect()
self.logger.info("Event successfully sent.")
self.acknowledge_message()
def _dxl_connect(self):
"""
Attempts to connect to the DXL fabric
"""
# Connect to fabric
config = DxlClientConfig.create_dxl_config_from_file(
self._dxlclient_config_path)
config.incoming_message_thread_pool_size = self._incoming_thread_count
config.incoming_message_queue_size = self._incoming_queue_size
logger.info(
"Incoming message configuration: queueSize={0}, threadCount={1}".
format(config.incoming_message_queue_size,
config.incoming_message_thread_pool_size))
logger.info(
"Message callback configuration: queueSize={0}, threadCount={1}".
format(self._callbacks_queue_size, self._callbacks_thread_count))
self._dxl_client = DxlClient(config)
logger.info("Attempting to connect to DXL fabric ...")
self._dxl_client.connect()
logger.info("Connected to DXL fabric.")
self.on_register_event_handlers()
self.on_register_services()
self.on_dxl_connect()
def init(self):
if DxlClient is None:
raise ValueError(
"Could not import 'dxlclient'. Please install it.")
self.config = DxlClientConfig.create_dxl_config_from_file(
self.parameters.dxl_config_file)
self.dxlclient = DxlClient(self.config)
class CuckooDXLClient(object):
"""
Wrapper class for the OpenDXL Python Client.
"""
def __init__(self):
"""
Constructor.
"""
self.client = None
self.config = None
self.enabled = None
def init(self):
"""
Initialization method to determine if the OpenDXL Cuckoo Reporting Module is enabled and to get the OpenDXL
Python Client config file location from the dxl_client_config_file setting under the [dxleventreporting]
section of the reporting.conf file.
:return: A boolean indicating if the OpenDXL Cuckoo Reporting Module is enabled or not.
"""
self.enabled = config("reporting:dxleventreporting:enabled")
dxl_client_config_file = config(
"reporting:dxleventreporting:dxl_client_config_file")
if dxl_client_config_file is None:
raise CuckooOperationalError(
"Missing dxl_client_config_file setting under the "
"[dxleventreporting] section in the report.conf file.")
self.config = DxlClientConfig.create_dxl_config_from_file(
dxl_client_config_file)
return self.enabled
def connect(self):
"""
A method to have the OpenDXL Python Client connect to a DXL Broker listed in the OpenDXL Python Client
configuration client.
"""
if not self.enabled:
return
try:
log.info("Creating DXL Client")
if not self.client:
self.client = DxlClient(self.config)
self.client.connect()
elif not self.client.connected:
self.client.connect()
log.info("Connected to a broker")
except Exception as ex:
log.exception(
"Error creating DXL Client and connecting to a DXL Broker.")
raise CuckooOperationalError(
"Error creating DXL Client and connecting to a DXL Broker: %s"
% ex)
def _create_client_for_connection(self, client_id):
"""
Creates a DxlClient and stores it for the give client_id
:param client_id: the client_id for the DxlClient
"""
client = DxlClient(self.client_config)
client.connect()
logger.info("Initializing new dxl client for client_id: %s", client_id)
with self._client_dict_lock:
self._client_dict[client_id] = (client, datetime.datetime.now())
def __init__(self, opts):
super(DxlComponentSubscriber, self).__init__(opts)
self.config = verify_config(opts)
add_methods_to_global()
# Create and connect DXL client
config_client_file = self.config.get("config_client")
dxl_config = DxlClientConfig.create_dxl_config_from_file(
config_client_file)
self.client = DxlClient(dxl_config)
self.client.connect()
# This gets run once to tell the subscriber to listen on defined topics
self.main()
def setReputation(trustlevelStr, md5, sha1, sha256, filenameStr, commentStr):
# File Hashes
#mySetHashes = {HashType.MD5: "", HashType.SHA1: "", HashType.SHA256: ""}
trustlevelInt = getTrustLevel(trustlevelStr)
mySetHashes = hashMe(md5, sha1, sha256)
print("mySetHashes:")
print(mySetHashes)
# Create the client
with DxlClient(config) as client:
# Connect to the fabric
client.connect()
# Create the McAfee Threat Intelligence Exchange (TIE) client
tie_client = TieClient(client)
print(trustlevelInt)
print(mySetHashes)
print(filenameStr)
print(commentStr)
if trustlevelInt != -1:
# Set the Enterprise reputation for notepad.exe to Known Trusted
tie_client.set_file_reputation(trustlevelInt,
mySetHashes,
filename=filenameStr,
comment=commentStr)
else:
return jsonify(error="invalid trust level",
trustlevel=trustlevelStr)
client.disconnect()
def getEvents(self):
"""
Get Events off the DXL fabric
"""
## Create Web API request queue
SERVICE_TYPE = "/opendxl/webapi"
REQUEST_TOPIC = SERVICE_TYPE + "/requests"
class MyRequestCallback(RequestCallback):
def on_request(self, request):
# Extract
print("Service recieved request payload: " +
request.payload.decode())
# Create the client
with DxlClient(config) as client:
# Connect to the fabric
client.connect()
## Register with ePO and add the request topic
info = ServiceRegistrationInfo(client, SERVICE_TYPE)
client.register_service_sync(info, 10)
info.add_topic(REQUEST_TOPIC, MyRequestCallback())
## Get list of vendorIDs and subscribe to each topic
#vendorList = getVendorList()
#for vendor in vendorList:
# client.add_event_callback(vendorsDict[vendor]['topic'], ChgRepCallback())
client.disconnect()
## Listent to Events
print("Listening for Events")
while not thread_stop_event.isSet():
time.sleep(self.delay)
def __init__(self, params: Dict):
with open(self.broker_ca_bundle, "w") as text_file:
text_file.write(params['broker_ca_bundle'])
with open(self.cert_file, "w") as text_file:
text_file.write(params['cert_file'])
with open(self.private_key, "w") as text_file:
text_file.write(params['private_key'])
if 'broker_urls' in params:
self.broker_urls = params['broker_urls'].split(',')
self.push_ip_topic = params.get('push_ip_topic')
self.push_url_topic = params.get('push_url_topic')
self.push_domain_topic = params.get('push_domain_topic')
self.push_hash_topic = params.get('push_hash_topic')
self.client = DxlClient(self.get_client_config())
self.client.connect()
def set_rep(self, filename, level, md5, sha1, sha256, sandbox):
try:
with DxlClient(self.config) as client:
client.connect()
tie_client = TieClient(client)
# multi-sandbox support: merge results if some are already available
existing_reputation = tie_client.get_file_reputation(
{HashType.SHA256: sha256})
if existing_reputation and FileProvider.EXTERNAL in existing_reputation:
logging.info(
"A external reputation verdict has been already present for the sample, will merge the results"
)
if (level != 0 and level < existing_reputation[
FileProvider.EXTERNAL]["trustLevel"]):
self._set_reputation(tie_client, filename, level, md5,
sha1, sha256, sandbox)
else:
logging.info(
"New reputation level was higher than what is already present"
)
else:
self._set_reputation(tie_client, filename, level, md5,
sha1, sha256, sandbox)
except Exception as e:
logging.error(
"ERROR setting the reputation in TIE for SHA256 %s using sandbox %s: %s",
str(sha256),
sandbox,
e,
)
def action(md5):
CONFIG_FILE = "path to the config file"
config = DxlClientConfig.create_dxl_config_from_file(CONFIG_FILE)
with DxlClient(config) as client:
client.connect()
marclient = MarClient(client)
results_context = \
marclient.search(
projections=[{
"name": "HostInfo",
"outputs": ["hostname","ip_address"]
}, {
"name": "Files",
"outputs": ["md5","status"]
}],
conditions={
"or": [{
"and": [{
"name": "Files",
"output": "md5",
"op": "EQUALS",
"value": md5
}]
}]
}
)
if results_context.has_results:
results = results_context.get_results()
return results
else:
pass
def run(self, params={}):
topic = params.get('topic')
number_of_messages = params.get('number_of_messages')
if number_of_messages < 1:
raise Exception('Number of messages must be 1 or more')
def _send(message_string):
try:
self.message_list.append(message_string)
if len(self.message_list) >= number_of_messages:
self.send({'messages': self.message_list})
self.message_list = []
except Exception as e:
self.logger.error('Message string: {}'.format(message_string))
self.logger.error('Message list: {}'.format(self.message_list))
raise Exception(
'An unknown error occurred. Dumping buffer to log. Error: {}'
.format(e))
event_count_condition = Condition()
# Create the DXL client
with DxlClient(self.connection.config) as dxl_client:
# Connect to the fabric
dxl_client.connect()
class _TriggerEventCallback(EventCallback):
def on_event(self, event):
with event_count_condition:
_send(event.payload.decode())
event_count_condition.notify_all()
dxl_client.add_event_callback(topic, _TriggerEventCallback())
with event_count_condition:
while True:
event_count_condition.wait()
def file_references(hash):
config = get_client_config()
with DxlClient(config) as client:
client.connect()
# Create the McAfee Threat Intelligence Exchange (TIE) client
tie_client = TieClient(client)
hash_type = get_hash_type(hash)
hash_type_key = HASH_TYPE_KEYS.get(hash_type)
if not hash_type_key:
return create_error_entry('file argument must be sha1(40 charecters) or sha256(64 charecters) or md5(32 charecters)')
hash_param = {}
hash_param[hash_type_key] = hash
references = tie_client.get_file_first_references(hash_param)
table = references_to_table(references)
# creaet context
context_file = {}
hash_type_uppercase = hash_type.upper()
context_file[hash_type_uppercase] = hash
context_file['References'] = table
ec = {}
ec[outputPaths['file']] = context_file
return {
'Type': entryTypes['note'],
'ContentsFormat': formats['json'],
'Contents': references,
'ReadableContentsFormat': formats['markdown'],
'HumanReadable': tableToMarkdown('References for hash %s' % (hash,), table),
'EntryContext': ec
}
def MAR_Query(self, mar_search_str):
# Create the client
with DxlClient(self.config) as client:
# Connect to the fabric
client.connect()
# Create the McAfee Active Response (MAR) client
marclient = MarClient(client)
marclient.response_timeout = 30
# Start the search
results_context = marclient.search(
projections=[{
"name": "HostInfo",
"outputs": ["hostname", "ip_address"]
}],
conditions={"or": [{
"and": mar_search_str
}]})
# Iterate the results of the search
if results_context.has_results:
results = results_context.get_results()
for item in results[ResultConstants.ITEMS]:
yield (item['output']['HostInfo|ip_address'])
def set_file_reputation(hash, trust_level, filename, comment):
config = get_client_config()
# find trust_level key
trust_level_key = None
for k, v in TRUST_LEVELS.iteritems():
if v == trust_level:
trust_level_key = k
if not trust_level_key:
return create_error_entry('illigale argument trust_level %s. Choose value from predefined values' % (trust_level, ))
with DxlClient(config) as client:
client.connect()
tie_client = TieClient(client)
hash_type = get_hash_type(hash)
hash_type_key = HASH_TYPE_KEYS.get(hash_type)
if not hash_type_key:
return create_error_entry('file argument must be sha1(40 charecters) or sha256(64 charecters) or md5(32 charecters)')
hash_param = {}
hash_param[hash_type_key] = hash
try:
tie_client.set_file_reputation(trust_level_key, hash_param, filename, comment)
return 'Successfully set file repuation'
except Exception as ex:
return create_error_entry(str(ex))
def file(hash_inputs):
hash_list = []
for hash_value in hash_inputs:
config = get_client_config()
with DxlClient(config) as client:
client.connect()
# Create the McAfee Threat Intelligence Exchange (TIE) client
tie_client = TieClient(client)
hash_type = get_hash_type(hash_value)
hash_type_key = HASH_TYPE_KEYS.get(hash_type)
if not hash_type_key:
return create_error_entry('file argument must be sha1(40 charecters) or sha256(64 charecters)'
' or md5(32 charecters)')
hash_param = {}
reputations = {}
context_file = {}
hash_param[hash_type_key] = hash_value
hash_type_uppercase = hash_type.upper()
res = safe_get_file_reputation(tie_client, hash_param)
if not res:
dbot_score = [{'Indicator': hash_value, 'Type': 'hash', 'Vendor': VENDOR_NAME, 'Score': 0},
{'Indicator': hash_value, 'Type': 'file', 'Vendor': VENDOR_NAME, 'Score': 0}]
context_file[hash_type_uppercase] = hash_value
context_file['TrustLevel'] = 0
context_file['Vendor'] = VENDOR_NAME
else:
reputations = res.values()
# create context
tl_score = get_thrust_level_and_score(reputations)
context_file[hash_type_uppercase] = hash_value
context_file['TrustLevel'] = tl_score['trust_level']
context_file['Vendor'] = tl_score['vendor']
dbot_score = [{'Indicator': hash_value, 'Type': 'hash', 'Vendor': tl_score['vendor'],
'Score': tl_score['score']},
{'Indicator': hash_value, 'Type': 'file', 'Vendor': tl_score['vendor'],
'Score': tl_score['score']}]
if tl_score['score'] >= 2:
context_file['Malicious'] = {
'Vendor': tl_score['vendor'],
'Score': tl_score['score'],
'Description': 'Trust level is ' + str(tl_score['trust_level'])
}
ec = {'DBotScore': dbot_score, outputPaths['file']: context_file}
table = reputations_to_table(reputations)
hash_list.append({
'Type': entryTypes['note'],
'ContentsFormat': formats['json'],
'Contents': reputations,
'ReadableContentsFormat': formats['markdown'],
'HumanReadable': tableToMarkdown('McAfee TIE Hash Reputations For %s:' % (hash_value,), table),
'EntryContext': ec
})
return hash_list
def subscriber(self):
with DxlClient(self.config) as client:
client.connect()
class MyEventCallback(EventCallback):
def on_event(self, event):
try:
query = event.payload.decode()
print("STATUS: McAfee ATD Event received. Adding to MISP.")
query = query[:query.rfind('}') + 1]
query = json.loads(query)
# Push data into MISP
misp = MISP(query)
misp.main()
except Exception as e:
exc_type, exc_obj, exc_tb = sys.exc_info()
print("Error in {location}.{funct_name}() - line {line_no} : {error}"
.format(location=__name__, funct_name=sys._getframe().f_code.co_name,
line_no=exc_tb.tb_lineno, error=str(e)))
@staticmethod
def worker_thread(req):
client.sync_request(req)
# Register the callback with the client
client.add_event_callback('#', MyEventCallback(), subscribe_to_topic=False)
client.subscribe("/mcafee/event/atd/file/report")
# Wait forever
while True:
time.sleep(60)
def tierep(md5, sha1):
if not is_hex(md5):
return "MD5 Value should be hex"
if not is_hex(sha1) and not sha1 == "":
return "SHA1 Value should be hex"
md5_hex = md5
sha1_hex = sha1
if (md5_hex) or (sha1_hex):
with DxlClient(config) as client:
# Connect to the fabric
client.connect()
#
# Request and display reputation for Putty
#
response_dict = get_tie_file_reputation(client=client,
md5_hex=md5_hex,
sha1_hex=sha1_hex)
filename = "putty.exe"
myReturnVal = json.dumps(response_dict,
sort_keys=True,
indent=4,
separators=(',', ': '))
fileProps = json.loads(myReturnVal)
print fileProps['props']
propList = []
for provider in fileProps['reputations']:
propDict = {}
providerID = int(provider['providerId'])
trustLevel = int(provider['trustLevel'])
print "Create Date: " + str(provider['createDate'])
if (providerID in providerMap):
print "Provider: " + str(providerMap[providerID])
propDict['provider'] = str(providerMap[providerID])
else:
print "Provider: Not Available"
propDict['provider'] = "Not Available"
if (trustLevel in tiescoreMap):
print "Reputation: " + str(tiescoreMap[trustLevel])
propDict['reputation'] = str(tiescoreMap[trustLevel])
else:
print "Reputation: Not Available"
propDict['reputation'] = "Not Available"
print ""
propList.append(propDict)
return render_template('reputation.html',
md5=md5,
sha1=sha1,
filename=filename,
propList=propList,
myReturnVal=myReturnVal)
else:
myReturnVal = "Sorry Nobody Home"
return myReturnVal
def connect(self, config_file="./dxlclient.config"):
if self.isConnected():
raise DxlJythonException(1100, "Already connected to the OpenDXL broker")
try:
logger.info("Reading configuration file from '%s'", config_file)
config = DxlClientConfig.create_dxl_config_from_file(config_file)
# Initialize DXL client using our configuration
self.client = DxlClient(config)
# Connect to DXL Broker
self.client.connect()
return
except Exception as e:
logger.info("Exception: " + e.message)
raise DxlJythonException(1000, "Unable to establish a connection with the DXL broker")
def test(self):
try:
with DxlClient(self.config) as dxl_client:
# Connect to the fabric
dxl_client.connect()
return True
except:
raise ConnectionTestException(
preset=ConnectionTestException.Preset.SERVICE_UNAVAILABLE)
def __init__(self, app):
super(MonitorModule,
self).__init__(app, "monitor", "Fabric Monitor",
"/public/images/monitor.png", "monitor_layout")
# dictionary to store DXL Client instances unique to each "session"
self._client_dict = {}
# dictionary to store web sockets for each "session"
self._web_socket_dict = {}
# dictionary to store incoming messages for each "session"
self._pending_messages = {}
# dictionary to cache service state
self._services = {}
self._message_id_topics = {}
self._client_config = DxlClientConfig.create_dxl_config_from_file(
self.app.bootstrap_app.client_config_path)
# DXL Client to perform operations that are the same for all users(svc registry queries)
self._dxl_service_client = DxlClient(self._client_config)
self._dxl_service_client.connect()
self._dxl_service_client.add_event_callback(
MonitorModule.SERVICE_REGISTRY_REGISTER_EVENT_TOPIC,
_ServiceEventCallback(self))
self._dxl_service_client.add_event_callback(
MonitorModule.SERVICE_REGISTRY_UNREGISTER_EVENT_TOPIC,
_ServiceEventCallback(self))
self._refresh_all_services()
self._service_updater_thread = threading.Thread(
target=self._service_updater)
self._service_updater_thread.daemon = True
self._service_updater_thread.start()
self._dxl_client_cleanup_thread = threading.Thread(
target=self._cleanup_dxl_clients)
self._dxl_client_cleanup_thread.daemon = True
self._dxl_client_cleanup_thread.start()
def test():
config = get_client_config()
demisto.info('######## config created ########')
with DxlClient(config) as client:
client.connect()
demisto.info('######## client connected ########')
client.disconnect()
demisto.info('######## client disconnected ########')
MarClient(client)
demisto.info('######## client MAR client created ########')
def __init__(self, opts):
super(McAfeeTieSearcher, self).__init__(opts)
try:
config = opts.get("mcafee").get(self.config_file)
if config is None:
LOG.error(self.config_file + " is not set. You must set this path to run this threat service")
raise ValueError(self.config_file + " is not set. You must set this path to run this threat service")
# Create configuration from file for DxlClient
self.config = DxlClientConfig.create_dxl_config_from_file(config)
except AttributeError:
LOG.error("There is no [mcafee] section in the config file,"
"please set that by running resilient-circuits config -u")
raise AttributeError("[mcafee] section is not set in the config file")
# Create client
self.client = DxlClient(self.config)
self.client.connect()
def __init__(self, device):
self.logger = logging.getLogger("Plugin.DXLBroker")
self.deviceID = device.id
address = device.pluginProps.get(u'address', "")
port = device.pluginProps.get(u'port', "")
ca_bundle = indigo.server.getInstallFolderPath(
) + '/' + device.pluginProps.get(u'ca_bundle', "")
cert_file = indigo.server.getInstallFolderPath(
) + '/' + device.pluginProps.get(u'cert_file', "")
private_key = indigo.server.getInstallFolderPath(
) + '/' + device.pluginProps.get(u'private_key', "")
self.logger.debug(
f"{device.name}: Broker __init__ address = {address}, ca_bundle = {ca_bundle}, cert_file = {cert_file}, private_key = {private_key}"
)
device.updateStateOnServer(key="status", value="Not Connected")
device.updateStateImageOnServer(indigo.kStateImageSel.SensorOff)
# Create the client configuration
broker = Broker.parse(f"ssl://{address}:{port}")
config = DxlClientConfig(broker_ca_bundle=ca_bundle,
cert_file=cert_file,
private_key=private_key,
brokers=[broker])
# Create the DXL client
self.dxl_client = DxlClient(config)
# Connect to the fabric
self.dxl_client.connect()
device.updateStateOnServer(key="status", value="Connected")
device.updateStateImageOnServer(indigo.kStateImageSel.SensorOn)
subs = device.pluginProps.get(u'subscriptions', None)
if subs:
for topic in subs:
self.dxl_client.add_event_callback(topic,
self.MyEventCallback(self))
self.logger.info(u"{}: Subscribing to: {}".format(
device.name, topic))
def main(argv):
TOPIC_DESTINATION = ''
TYPE_PAYLOAD = ''
PAYLOAD = ''
help = 'python ' + sys.argv[0] + ' -t <topic destination> -p <payload>'
try:
opts, args = getopt.getopt(argv, "ht:p:", ["topic=", "payload="])
except getopt.GetoptError:
print help
sys.exit(1)
for opt, arg in opts:
if opt == '-h':
print help
sys.exit(1)
elif opt in ("-t", "--topic"):
TOPIC_DESTINATION = arg
elif opt in ("-p", "--payload"):
PAYLOAD = arg
if (TOPIC_DESTINATION != '' and PAYLOAD != ''):
DXL_MESSAGE['SRC_HOST'] = IP
DXL_MESSAGE['PAYLOAD'] = PAYLOAD
# Create the client
with DxlClient(config) as client:
# Connect to the fabric
client.connect()
#
# Invoke the service (send a request)
#
# Create the request
req = Request(TOPIC_DESTINATION)
# Populate the request payload
req.payload = str(json.dumps(DXL_MESSAGE)).encode()
# Send the request and wait for a response (synchronous)
res = client.sync_request(req)
# Extract information from the response (if an error did not occur)
if res.message_type != Message.MESSAGE_TYPE_ERROR:
print "result is coming:"
print res.payload
else:
logger.error("Error: " + res.error_message + " (" +
str(res.error_code) + ")")
else:
print help
sys.exit(1)
def __init__(self, opts):
"""constructor provides access to the configuration options"""
super(FunctionComponent, self).__init__(opts)
try:
config = opts.get("fn_mcafee_tie").get(self.config_file)
if config is None:
LOG.error(self.config_file + " is not set. You must set this path to run this function")
raise ValueError(self.config_file + " is not set. You must set this path to run this function")
LOG.info("Using %s to create configuration for DxlClient", config)
# Create configuration from file for DxlClient
self.config = DxlClientConfig.create_dxl_config_from_file(config)
except AttributeError:
LOG.error("There is no [fn_mcafee_tie] section in the config file, "
"please set that by running resilient-circuits config -u")
raise AttributeError("[fn_mcafee_tie] section is not set in the config file")
self.client = DxlClient(self.config)
self._connect_client()
def run(self, params={}):
topic = params.get('topic')
event_message = params.get('event_message')
event = Event(topic)
event.payload = event_message.encode()
with DxlClient(self.connection.config) as dxl_client:
# Connect to the fabric
dxl_client.connect()
dxl_client.send_event(event)
return {'success': True}
def getTieRep(md5, sha1, sha256):
with DxlClient(config) as client:
# Connect to the fabric
client.connect()
# Create the McAfee Threat Intelligence Exchange (TIE) client
tie_client = TieClient(client)
myGetHashes = hashMe(md5, sha1, sha256)
reputations_dict = tie_client.get_file_reputation(myGetHashes)
client.disconnect()
#myReturnVal = json.dumps(reputations_dict, sort_keys=True, indent=4, separators=(',', ': ')) + "\n"
return reputations_dict
def selftest_function(opts):
options = opts.get(CONFIG_DATA_SECTION, {})
try:
try:
config_file = options.get("dxlclient_config")
if config_file is None:
log.error(
"dxlclient_config is not set. You must set this path to run this function"
)
raise ValueError(
"dxlclient_config is not set. You must set this path to run this function"
)
# Create configuration from file for DxlClient
dxlclient_config = DxlClientConfig.create_dxl_config_from_file(
config_file)
except AttributeError:
log.error(
"There is no [fn_mcafee_tie] section in the config file, "
"please set that by running resilient-circuits config -u")
raise AttributeError(
"[fn_mcafee_tie] section is not set in the config file")
dxlclient = DxlClient(dxlclient_config)
dxlclient.connect()
tie_client = TieClient(dxlclient)
if dxlclient.connected and tie_client:
state = 'success'
reason = None
else:
state = 'failure'
reason = 'authorization failure'
return {'state': state, 'reason': reason}
except Exception as exc:
return {'state': 'failure', 'reason': exc}
