This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[ | |
{ | |
"id": "3bcf37ef.a9d108", | |
"type": "tab", | |
"label": "Add Hash Sightings to MISP Event using MAR", | |
"disabled": false, | |
"info": "This flow utilizes McAfee Active Response (MAR) to adds sightings to MISP \r\npublished events containing hash-based attributes.\r\n\r\nWhen a MISP event is published, the flow examines the event to determine if \r\nit contains hash-based attributes. If it does, a MAR search is performed \r\nto determine if any active endpoints contain the hashes. For each endpoint\r\ncontaining a hash, a sighting is added to the MISP event in addition to a \r\ncomment that includes the associated endpoint information.\r\n\r\n### Prerequisites\r\n\r\n* The Node-RED DXL client configuration step has been completed (see\r\n [Client Configuration](https://opendxl.github.io/node-red-contrib-dxl/jsdoc/tutorial-configuration.html)).\r\n* A McAfee Active Response (MAR) service is available on the DXL fabric.\r\n* The Node-RED DXL client is authorized to perform MA |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[ | |
{ | |
"id": "454f293f.10a098", | |
"type": "tab", | |
"label": "Tag System when ISE Policy Applied", | |
"disabled": false, | |
"info": "This flow ensures that systems within McAfee ePO are tagged to indicate\r\nwhat policies are currently applied within Cisco ISE Adaptive Network \r\nControl (ANC). When an ANC policy is applied, the corresponding system is\r\nlocated within ePO and tagged approriately. When an ANC policy is removed,\r\nthe corresponding system is located within ePO and untagged appropriately.\r\n\r\n### Prerequisites\r\n\r\n* The Node-RED DXL client configuration step has been completed (see\r\n [Client Configuration](https://opendxl.github.io/node-red-contrib-dxl/jsdoc/tutorial-configuration.html)).\r\n* The DXL fabric to which the Node-RED DXL client will connect has been bridged to Cisco\r\n pxGrid.\r\n* An ePO DXL service is running and available on the DXL fabric. If version 5.0\r\n or later of the DXL ePO extensions are installed on your ePO server, an ePO\ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[ | |
{ | |
"id": "a6c49432.25d5b8", | |
"type": "tab", | |
"label": "ePO Remote Command Example", | |
"disabled": false, | |
"info": "This sample invokes and displays the results of a `system.findTag` remote\r\ncommand via the ePO DXL service. The results of the find command are displayed\r\non the Node-RED `debug` tab.\r\n\r\n### Prerequisites\r\n\r\n* The samples configuration step has been completed (see\r\n [Client Configuration](https://opendxl.github.io/node-red-contrib-dxl/jsdoc/tutorial-configuration.html)).\r\n* A ePO DXL service is running and available on the DXL fabric. If version 5.0\r\n or later of the DXL ePO extensions are installed on your ePO server, an ePO\r\n DXL service should already be running on the fabric. If you are using an\r\n earlier version of the DXL ePO extensions, you can use the\r\n [ePO DXL Python Service](https://github.com/opendxl/opendxl-epo-service-python).\r\n* The DXL client associated with the `Find tags in ePO` node is authorized to\r\n inv |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[ | |
{ | |
"id": "c73cd652.3f9f08", | |
"type": "tab", | |
"label": "ePO System Find Example", | |
"disabled": false, | |
"info": "This sample invokes and displays the results of a `system.find` remote command\r\nvia the ePO DXL service. The results of the find command are displayed on the\r\nNode-RED `debug` tab.\r\n\r\n### Prerequisites\r\n\r\n* The samples configuration step has been completed (see\r\n [Client Configuration](https://opendxl.github.io/node-red-contrib-dxl/jsdoc/tutorial-configuration.html)).\r\n* A ePO DXL service is running and available on the DXL fabric. If version 5.0\r\n or later of the DXL ePO extensions are installed on your ePO server, an ePO\r\n DXL service should already be running on the fabric. If you are using an\r\n earlier version of the DXL ePO extensions, you can use the\r\n [ePO DXL Python Service](https://github.com/opendxl/opendxl-epo-service-python).\r\n* The DXL client associated with the `Find systems in ePO` node is\r\n authorized to invoke |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[ | |
{ | |
"id": "a1d1dbd.b4d6328", | |
"type": "tab", | |
"label": "ePO Create Threat Event Example", | |
"disabled": false, | |
"info": "This sample invokes and displays the results of a\n`DxlBrokerMgmt.createEpoThreatEvent` remote command via the ePO DXL service.\nThe results of the event creation command are displayed on the Node-RED `debug`\ntab.\n\n### Prerequisites\n\n* The samples configuration step has been completed (see\n [Client Configuration](https://opendxl.github.io/node-red-contrib-dxl/jsdoc/tutorial-configuration.html)).\n* A ePO DXL service is running and available on the DXL fabric. If version 5.0\n or later of the DXL ePO extensions are installed on your ePO server, an ePO\n DXL service should already be running on the fabric. If you are using an\n earlier version of the DXL ePO extensions, you can use the\n [ePO DXL Python Service](https://github.com/opendxl/opendxl-epo-service-python).\n* The DXL client associated with the `Create threat event in ePO` node is\n |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[ | |
{ | |
"id": "e6aa430b.c2db4", | |
"type": "tab", | |
"label": "TIE Get Certificate Reputation Example", | |
"disabled": false, | |
"info": "This sample invokes the TIE DXL service to retrieve the reputation of a\r\ncertificate (as identified by hashes). The response to the TIE request is\r\nprinted to the Node-RED `debug` tab.\r\n\r\n### Prerequisites\r\n\r\n* The samples configuration step has been completed (see\r\n [Client Configuration](https://opendxl.github.io/node-red-contrib-dxl/jsdoc/tutorial-configuration.html)).\r\n* A TIE service is available on the DXL fabric.\r\n\r\n### Setup\r\n\r\n* Edit the `Specify hash request parameters` node and modify the `msg.sha1`\r\n rule with the hash of the certificate and the `msg.publicKeySha1` rule with\r\n the hash of the public key that you want to use for the lookup. Note that\r\n the `msg.publicKeySha1` property is optional so this value can be set to an\r\n empty string or the property may be removed entirely if the public key |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[ | |
{ | |
"id": "39707d18.0f97d2", | |
"type": "tab", | |
"label": "TIE Get File Reputation Example", | |
"disabled": false, | |
"info": "This sample invokes the TIE DXL service to retrieve the reputation of a file (as\r\nidentified by hashes). The response to the TIE request is printed to the\r\nNode-RED `debug` tab.\r\n\r\n### Prerequisites\r\n\r\n* The samples configuration step has been completed (see\r\n [Client Configuration](https://opendxl.github.io/node-red-contrib-dxl/jsdoc/tutorial-configuration.html)).\r\n* A TIE service is available on the DXL fabric.\r\n\r\n### Setup\r\n\r\n* To deploy the flow, press the `Deploy` button in the upper-right corner of the\r\n screen. If Node-RED is able to properly connect to the DXL fabric, a green dot\r\n with the word `connected` should appear under the `Get reputation from TIE`\r\n node.\r\n\r\n### Running\r\n\r\nTo exercise the flow for the \"notepad.exe\" file, double-click the button on the\r\nleft side of the `Start Notepad.exe lo |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[ | |
{ | |
"id": "1723c736.e448e9", | |
"type": "tab", | |
"label": "ePO System Clear Tag Example", | |
"disabled": false, | |
"info": "This sample invokes and displays the results of a `system.clearTag` remote\r\ncommand via the ePO DXL service. The results of the clear command are displayed\r\non the Node-RED `debug` tab.\r\n\r\n### Prerequisites\r\n\r\n* The samples configuration step has been completed (see\r\n [Client Configuration](https://opendxl.github.io/node-red-contrib-dxl/jsdoc/tutorial-configuration.html)).\r\n* A ePO DXL service is running and available on the DXL fabric. If version 5.0\r\n or later of the DXL ePO extensions are installed on your ePO server, an ePO\r\n DXL service should already be running on the fabric. If you are using an\r\n earlier version of the DXL ePO extensions, you can use the\r\n [ePO DXL Python Service](https://github.com/opendxl/opendxl-epo-service-python).\r\n* The DXL client associated with the `Clear system tag from ePO` node is\r\n auth |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[ | |
{ | |
"id": "3cab471f.fbdca8", | |
"type": "tab", | |
"label": "ePO System Apply Tag Example", | |
"disabled": false, | |
"info": "This sample invokes and displays the results of a `system.applyTag` remote\r\ncommand via the ePO DXL service. The results of the apply command are displayed\r\non the Node-RED `debug` tab.\r\n\r\n### Prerequisites\r\n\r\n* The samples configuration step has been completed (see\r\n [Client Configuration](https://opendxl.github.io/node-red-contrib-dxl/jsdoc/tutorial-configuration.html)).\r\n* A ePO DXL service is running and available on the DXL fabric. If version 5.0\r\n or later of the DXL ePO extensions are installed on your ePO server, an ePO\r\n DXL service should already be running on the fabric. If you are using an\r\n earlier version of the DXL ePO extensions, you can use the\r\n [ePO DXL Python Service](https://github.com/opendxl/opendxl-epo-service-python).\r\n* The DXL client associated with the `Apply system tag in ePO` node is\r\n author |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[ | |
{ | |
"id": "ed863b5.ec467c8", | |
"type": "tab", | |
"label": "ePO Receive Threat Event Example", | |
"disabled": false, | |
"info": "This sample registers with the DXL fabric to receive threat event notifications\r\nfrom ePO via the ePO DXL service. The payload in the event message received from\r\nthe DXL fabric is printed to the Node-RED `debug` tab.\r\n\r\n### Prerequisites\r\n\r\n* The samples configuration step has been completed (see\r\n [Client Configuration](https://opendxl.github.io/node-red-contrib-dxl/jsdoc/tutorial-configuration.html)).\r\n* The client is authorized to receive \"ePO Threat Event Automatic Response Events\"\r\n (see [Client Authorization](https://opendxl.github.io/opendxl-epo-service-python/pydoc/authorization.html#client-authorization)).\r\n* Under the `Automatic Responses` page on the ePO server, ensure that a\r\n `Send Threat Event via DXL` response is set to `Enabled`.\r\n\r\n### Setup\r\n\r\n* To deploy the flow, press the `Deploy` button in the |
NewerOlder