McAfee TIE

Overview

The McAfee TIE plugin provides the ability to set file reputations on McAfee TIE servers and to query those servers for file reputation.

Functionality

McAfee Threat Intelligence Exchange allows one to associate file names and hashes with the McAfee concept of reputation (see the file reputations page for more information). This reputation can be stored and retrieved with the following operations:

  • Set reputation
  • Get reputation

This will allow one to quickly check the reputation of an attachment by submitting its hash to TIE.

Flow Node

The NL-DXL-TIE-Set-File-Reputation node is a communication node which sends a DXL request to the TIE server setting file reputation according to the specified node configuration. The node properties are in the following table.

| Property | Description |
|---|---|
| Name | The display name of the node within the flows. |
| OpenDXL Fabric | The unique Id of the OpenDXL Fabric associated with this message. |
| File Name | Optional value containing the name of the file with the reputation change. See common contexts page for supported contexts. |
| SHA-1 Hash | Field containing the SHA-1 hash of the file. See common contexts page for supported contexts. |
| MD5 Hash | Field containing the MD5 hash of the file. See common contexts page for supported contexts. |
| SHA-256 Hash | Optional (and unused) field containing the SHA-256 hash of the file. See common contexts page for supported contexts. |

The NL-DXL-TIE-Get-File-Reputation node is a communication node which sends a DXL request to the TIE server querying file reputation according to the specified node configuration. The response contains file reputation data, in which the numeric values indicate the providerId for a particular file reputation. The provider list is:

| Provider | Value |
|---|---|
| GTI | 1 |
| ENTERPRISE | 3 |
| ATD | 5 |
| MWG | 7 |

The reputation value for the resource is retrieved. See the file reputations page for more information. The node properties are in the following table.

| Property | Description |
|---|---|
| Name | The display name of the node within the flows. |
| OpenDXL Fabric | The unique Id of the OpenDXL Fabric associated with this message. |
| SHA-1 Hash | Field containing the SHA-1 hash of the file. See common contexts page for supported contexts. |
| MD5 Hash | Field containing the MD5 hash of the file. See common contexts page for supported contexts. |
| SHA-256 Hash | Optional (and unused) field containing the SHA-256 hash of the file. See common contexts page for supported contexts. |

©Nevelex Labs, LLC. 2018-2021, All Rights Reserved.
