chrissmith-mcafee/tie-basic-get-cert-reputation-example.json

## tie-basic-get-cert-reputation-example.json
[
    {
        "id": "e6aa430b.c2db4",
        "type": "tab",
        "label": "TIE Get Certificate Reputation Example",
        "disabled": false,
        "info": "This sample invokes the TIE DXL service to retrieve the reputation of a\r\ncertificate (as identified by hashes). The response to the TIE request is\r\nprinted to the Node-RED `debug` tab.\r\n\r\n### Prerequisites\r\n\r\n* The samples configuration step has been completed (see\r\n  [Client Configuration](https://opendxl.github.io/node-red-contrib-dxl/jsdoc/tutorial-configuration.html)).\r\n* A TIE service is available on the DXL fabric.\r\n\r\n### Setup\r\n\r\n* Edit the `Specify hash request parameters` node and modify the `msg.sha1`\r\n  rule with the hash of the certificate and the `msg.publicKeySha1` rule with\r\n  the hash of the public key that you want to use for the lookup. Note that\r\n  the `msg.publicKeySha1` property is optional so this value can be set to an\r\n  empty string or the property may be removed entirely if the public key is\r\n  not known.\r\n\r\n* To deploy the flow, press the `Deploy` button in the upper-right corner of the\r\n  screen. If Node-RED is able to properly connect to the DXL fabric, a green dot\r\n  with the word `connected` should appear under the\r\n  `Get reputation from TIE` node.\r\n\r\n### Running\r\n\r\nTo exercise the flow, double-click the button on the left side of the \r\n`Start flow` node.\r\n\r\n### Output\r\n\r\nThe output in the Node-RED `debug` tab should appear similar to the following:\r\n\r\n```\r\n? { 2: object, 4: object }\r\n```\r\n\r\nClick on the right arrow buttons to expand the contents of the object. The\r\ncontent should look similar to the following:\r\n\r\n```\r\n? object\r\n ? 2: object\r\n  ? attributes: object\r\n      2108821: \"94\"\r\n      2109077: \"1454912619\"\r\n      2117524: \"0\"\r\n      2120596: \"0\"\r\n    createDate: 1476318514\r\n    providerId: 2\r\n    trustLevel: 99\r\n ? 4: object\r\n  ? attributes: object\r\n      2109333: \"12\"\r\n      2109589: \"1476318514\"\r\n      2139285: \"7318349394477075\r\n    createDate: 1476318514\r\n    providerId: 4\r\n    trustLevel: 0\r\n```\r\n\r\nThe `key` for each entry in the object corresponds to a particular `provider` of\r\nthe associated `reputation`. The list of certificate reputation providers can\r\nbe found in the\r\n[CertProvider documentation](https://opendxl.github.io/opendxl-tie-client-javascript/jsdoc/module-CertProvider.html)\r\nin the TIE JavaScript client SDK.\r\n\r\nThe McAfee Global Threat Intelligence (GTI) service is identified in the results\r\nas `providerId: 2`. The trust level associated with the GTI response\r\n(`trustLevel: 99`) indicates that the certificate is known good.\r\n\r\nSee the \r\n[TrustLevel documentation](https://opendxl.github.io/opendxl-tie-client-javascript/jsdoc/module-TrustLevel.html)\r\nin the TIE JavaScript client SDK for the list of standard trust levels.\r\n\r\n### Details\r\n\r\nThe flow exercises the nodes below.\r\n\r\n#### Start flow\r\n\r\nThis is an `inject` input node which starts the flow.\r\n\r\n#### Set hash request parameters\r\n\r\nThis is a `change` node which sets the hash of the certificate to the\r\n`msg.sha1` property and the hash of the associated public key to the\r\n`msg.publicKeySha1` property. The `Get reputation from TIE` node uses the\r\n`sha1` and `publicKeySha1` properties when constructing the parameters for the\r\nTIE first references request. \r\n\r\n#### Get reputation from TIE\r\n\r\nThis is a `tie get certificate reputation` node. This node connects to\r\nthe DXL fabric and sends a DXL `Request` message to the TIE service to lookup\r\ncertificate reputation information.\r\n\r\nThe request message also includes the `sha1` and `publicKeySha1` properties set\r\nby the `Set hash request parameters` node.\r\n\r\nThe `Return` property is set to \"a parsed JSON object\" to indicate that the\r\npayload for the response should be added to the output message as a JavaScript\r\nobject decoded from JSON.\r\n\r\n#### Output first references\r\n\r\nThis is a `debug` output node. This node outputs the `payload` set on\r\nthe message by the `Get reputation from TIE` node. The output should\r\ninclude information for reputation data for the certificate."
    },
    {
        "id": "a148f5e2.763d88",
        "type": "dxl-tie-get-certificate-reputation",
        "z": "e6aa430b.c2db4",
        "name": "Get reputation from TIE",
        "client": "2ed0ce07.039942",
        "returnType": "obj",
        "x": 330,
        "y": 200,
        "wires": [
            [
                "14798663.f923fa"
            ]
        ]
    },
    {
        "id": "14798663.f923fa",
        "type": "debug",
        "z": "e6aa430b.c2db4",
        "name": "Debug: Output reputation",
        "active": true,
        "tosidebar": true,
        "console": false,
        "tostatus": false,
        "complete": "payload",
        "x": 590,
        "y": 200,
        "wires": []
    },
    {
        "id": "caeea8f4.abe3c8",
        "type": "inject",
        "z": "e6aa430b.c2db4",
        "name": "Start flow",
        "topic": "",
        "payload": "",
        "payloadType": "str",
        "repeat": "",
        "crontab": "",
        "once": false,
        "onceDelay": 0.1,
        "x": 100,
        "y": 40,
        "wires": [
            [
                "44a5cb23.7a8ad4"
            ]
        ]
    },
    {
        "id": "44a5cb23.7a8ad4",
        "type": "change",
        "z": "e6aa430b.c2db4",
        "name": "Set hash request parameters",
        "rules": [
            {
                "t": "set",
                "p": "sha1",
                "pt": "msg",
                "to": "6eae26db8c13182a7947982991b4321732cc3de2",
                "tot": "str"
            },
            {
                "t": "set",
                "p": "publicKeySha1",
                "pt": "msg",
                "to": "3b87a2d6f39770160364b79a152fcc73bae27adf",
                "tot": "str"
            }
        ],
        "action": "",
        "property": "",
        "from": "",
        "to": "",
        "reg": false,
        "x": 240,
        "y": 120,
        "wires": [
            [
                "a148f5e2.763d88"
            ]
        ]
    },
    {
        "id": "5aaa4a15.cfe6b4",
        "type": "comment",
        "z": "e6aa430b.c2db4",
        "name": "Supply the cert hashes in the 'Specify hash request parameters' node",
        "info": "",
        "x": 460,
        "y": 60,
        "wires": []
    },
    {
        "id": "2ed0ce07.039942",
        "type": "dxl-client",
        "z": "",
        "configFile": "/data/dxl/dxlclient.config",
        "name": "",
        "keepAliveInterval": "1800",
        "reconnectDelay": "1"
    }
]
	[
	{
	"id": "e6aa430b.c2db4",
	"type": "tab",
	"label": "TIE Get Certificate Reputation Example",
	"disabled": false,
	"info": "This sample invokes the TIE DXL service to retrieve the reputation of a\r\ncertificate (as identified by hashes). The response to the TIE request is\r\nprinted to the Node-RED `debug` tab.\r\n\r\n### Prerequisites\r\n\r\n* The samples configuration step has been completed (see\r\n [Client Configuration](https://opendxl.github.io/node-red-contrib-dxl/jsdoc/tutorial-configuration.html)).\r\n* A TIE service is available on the DXL fabric.\r\n\r\n### Setup\r\n\r\n* Edit the `Specify hash request parameters` node and modify the `msg.sha1`\r\n rule with the hash of the certificate and the `msg.publicKeySha1` rule with\r\n the hash of the public key that you want to use for the lookup. Note that\r\n the `msg.publicKeySha1` property is optional so this value can be set to an\r\n empty string or the property may be removed entirely if the public key is\r\n not known.\r\n\r\n* To deploy the flow, press the `Deploy` button in the upper-right corner of the\r\n screen. If Node-RED is able to properly connect to the DXL fabric, a green dot\r\n with the word `connected` should appear under the\r\n `Get reputation from TIE` node.\r\n\r\n### Running\r\n\r\nTo exercise the flow, double-click the button on the left side of the \r\n`Start flow` node.\r\n\r\n### Output\r\n\r\nThe output in the Node-RED `debug` tab should appear similar to the following:\r\n\r\n```\r\n? { 2: object, 4: object }\r\n```\r\n\r\nClick on the right arrow buttons to expand the contents of the object. The\r\ncontent should look similar to the following:\r\n\r\n```\r\n? object\r\n ? 2: object\r\n ? attributes: object\r\n 2108821: \"94\"\r\n 2109077: \"1454912619\"\r\n 2117524: \"0\"\r\n 2120596: \"0\"\r\n createDate: 1476318514\r\n providerId: 2\r\n trustLevel: 99\r\n ? 4: object\r\n ? attributes: object\r\n 2109333: \"12\"\r\n 2109589: \"1476318514\"\r\n 2139285: \"7318349394477075\r\n createDate: 1476318514\r\n providerId: 4\r\n trustLevel: 0\r\n```\r\n\r\nThe `key` for each entry in the object corresponds to a particular `provider` of\r\nthe associated `reputation`. The list of certificate reputation providers can\r\nbe found in the\r\n[CertProvider documentation](https://opendxl.github.io/opendxl-tie-client-javascript/jsdoc/module-CertProvider.html)\r\nin the TIE JavaScript client SDK.\r\n\r\nThe McAfee Global Threat Intelligence (GTI) service is identified in the results\r\nas `providerId: 2`. The trust level associated with the GTI response\r\n(`trustLevel: 99`) indicates that the certificate is known good.\r\n\r\nSee the \r\n[TrustLevel documentation](https://opendxl.github.io/opendxl-tie-client-javascript/jsdoc/module-TrustLevel.html)\r\nin the TIE JavaScript client SDK for the list of standard trust levels.\r\n\r\n### Details\r\n\r\nThe flow exercises the nodes below.\r\n\r\n#### Start flow\r\n\r\nThis is an `inject` input node which starts the flow.\r\n\r\n#### Set hash request parameters\r\n\r\nThis is a `change` node which sets the hash of the certificate to the\r\n`msg.sha1` property and the hash of the associated public key to the\r\n`msg.publicKeySha1` property. The `Get reputation from TIE` node uses the\r\n`sha1` and `publicKeySha1` properties when constructing the parameters for the\r\nTIE first references request. \r\n\r\n#### Get reputation from TIE\r\n\r\nThis is a `tie get certificate reputation` node. This node connects to\r\nthe DXL fabric and sends a DXL `Request` message to the TIE service to lookup\r\ncertificate reputation information.\r\n\r\nThe request message also includes the `sha1` and `publicKeySha1` properties set\r\nby the `Set hash request parameters` node.\r\n\r\nThe `Return` property is set to \"a parsed JSON object\" to indicate that the\r\npayload for the response should be added to the output message as a JavaScript\r\nobject decoded from JSON.\r\n\r\n#### Output first references\r\n\r\nThis is a `debug` output node. This node outputs the `payload` set on\r\nthe message by the `Get reputation from TIE` node. The output should\r\ninclude information for reputation data for the certificate."
	},
	{
	"id": "a148f5e2.763d88",
	"type": "dxl-tie-get-certificate-reputation",
	"z": "e6aa430b.c2db4",
	"name": "Get reputation from TIE",
	"client": "2ed0ce07.039942",
	"returnType": "obj",
	"x": 330,
	"y": 200,
	"wires": [
	[
	"14798663.f923fa"
	]
	]
	},
	{
	"id": "14798663.f923fa",
	"type": "debug",
	"z": "e6aa430b.c2db4",
	"name": "Debug: Output reputation",
	"active": true,
	"tosidebar": true,
	"console": false,
	"tostatus": false,
	"complete": "payload",
	"x": 590,
	"y": 200,
	"wires": []
	},
	{
	"id": "caeea8f4.abe3c8",
	"type": "inject",
	"z": "e6aa430b.c2db4",
	"name": "Start flow",
	"topic": "",
	"payload": "",
	"payloadType": "str",
	"repeat": "",
	"crontab": "",
	"once": false,
	"onceDelay": 0.1,
	"x": 100,
	"y": 40,
	"wires": [
	[
	"44a5cb23.7a8ad4"
	]
	]
	},
	{
	"id": "44a5cb23.7a8ad4",
	"type": "change",
	"z": "e6aa430b.c2db4",
	"name": "Set hash request parameters",
	"rules": [
	{
	"t": "set",
	"p": "sha1",
	"pt": "msg",
	"to": "6eae26db8c13182a7947982991b4321732cc3de2",
	"tot": "str"
	},
	{
	"t": "set",
	"p": "publicKeySha1",
	"pt": "msg",
	"to": "3b87a2d6f39770160364b79a152fcc73bae27adf",
	"tot": "str"
	}
	],
	"action": "",
	"property": "",
	"from": "",
	"to": "",
	"reg": false,
	"x": 240,
	"y": 120,
	"wires": [
	[
	"a148f5e2.763d88"
	]
	]
	},
	{
	"id": "5aaa4a15.cfe6b4",
	"type": "comment",
	"z": "e6aa430b.c2db4",
	"name": "Supply the cert hashes in the 'Specify hash request parameters' node",
	"info": "",
	"x": 460,
	"y": 60,
	"wires": []
	},
	{
	"id": "2ed0ce07.039942",
	"type": "dxl-client",
	"z": "",
	"configFile": "/data/dxl/dxlclient.config",
	"name": "",
	"keepAliveInterval": "1800",
	"reconnectDelay": "1"
	}
	]