def on_event(self, event):
"""
Invoked when a DXL event has been received.
NOTE: This method should not be overridden (it performs transformations to simplify TIE usage).
Instead, the :func:`on_reputation_change` method must be overridden.
:param event: The original DXL event message that was received
"""
# Decode the event payload
rep_change_dict = json.loads(event.payload.decode(encoding="UTF-8"))
# Transform hashes
if RepChangeEventProp.HASHES in rep_change_dict:
rep_change_dict[RepChangeEventProp.HASHES] = \
TieClient._transform_hashes(rep_change_dict[RepChangeEventProp.HASHES])
# Transform new reputations
if RepChangeEventProp.NEW_REPUTATIONS in rep_change_dict:
if "reputations" in rep_change_dict[
RepChangeEventProp.NEW_REPUTATIONS]:
rep_change_dict[RepChangeEventProp.NEW_REPUTATIONS] = \
TieClient._transform_reputations(
rep_change_dict[RepChangeEventProp.NEW_REPUTATIONS]["reputations"])
# Transform old reputations
if RepChangeEventProp.OLD_REPUTATIONS in rep_change_dict:
if "reputations" in rep_change_dict[
RepChangeEventProp.OLD_REPUTATIONS]:
rep_change_dict[RepChangeEventProp.OLD_REPUTATIONS] = \
TieClient._transform_reputations(
rep_change_dict[RepChangeEventProp.OLD_REPUTATIONS]["reputations"])
# Transform relationships
if FileRepChangeEventProp.RELATIONSHIPS in rep_change_dict:
relationships_dict = rep_change_dict[
FileRepChangeEventProp.RELATIONSHIPS]
if "certificate" in relationships_dict:
cert_dict = relationships_dict["certificate"]
if "hashes" in cert_dict:
cert_dict["hashes"] = \
TieClient._transform_hashes(cert_dict["hashes"])
if "publicKeySha1" in cert_dict:
cert_dict["publicKeySha1"] = \
TieClient._base64_to_hex(cert_dict["publicKeySha1"])
# Transform certificate public-key SHA-1 (if applicable)
if CertRepChangeEventProp.PUBLIC_KEY_SHA1 in rep_change_dict:
rep_change_dict[CertRepChangeEventProp.PUBLIC_KEY_SHA1] = \
TieClient._base64_to_hex(rep_change_dict[CertRepChangeEventProp.PUBLIC_KEY_SHA1])
# Invoke the reputation change method
self.on_reputation_change(rep_change_dict, event)
def on_event(self, event):
"""
Invoked when a DXL event has been received.
NOTE: This method should not be overridden (it performs transformations to simplify TIE usage).
Instead, the :func:`on_detection` method must be overridden.
:param event: The original DXL event message that was received
"""
# Decode the event payload
detection_dict = json.loads(event.payload.decode(encoding="UTF-8"))
# Transform hashes
if DetectionEventProp.HASHES in detection_dict:
detection_dict[RepChangeEventProp.HASHES] = \
TieClient._transform_hashes(detection_dict[DetectionEventProp.HASHES])
# Invoke the detection method
self.on_detection(detection_dict, event)