This sample executes a McAfee Active Response search for the IP addresses of hosts that have an Active Response client installed.
Prerequisites
- The samples configuration step has been completed (see Samples).
- A McAfee Active Response (MAR) Service is available on the DXL fabric.
- The JavaScript client has been authorized to perform MAR searches (see Authorize Client To Perform MAR Search in the OpenDXL Python SDK Documentation).
Running
To run this sample, execute the sample/basic/basic-search-example.js script as follows:
$ node sample/basic/basic-search-example.js
The output should appear similar to the following:
Results:
192.168.130.152
192.168.130.133
Details
The majority of the sample code is shown below:
// Create the client
var client = new dxl.Client(config)

// Connect to the fabric, supplying a callback function which is invoked
// when the connection has been established
client.connect(function () {
  // Create the McAfee Active Response (MAR) client
  var marClient = new MarClient(client)

  // Specify that MAR should include 'HostInfo|ip_address' in the search
  // results
  var hostInfoProjection = {}
  hostInfoProjection[ProjectionConstants.NAME] = 'HostInfo'
  hostInfoProjection[ProjectionConstants.OUTPUTS] = ['ip_address']

  // Perform the search
  marClient.search([hostInfoProjection], null, processSearchResult)

  // Process the search result
  function processSearchResult (searchError, resultContext) {
    if (resultContext && resultContext.hasResults) {
      // Get up to the first 10 items from the search result
      resultContext.getResults(processResultSet, {limit: 10})
    } else {
      // Destroy the client - frees up resources so that the application
      // stops running
      client.destroy()
      if (searchError) {
        console.log(searchError.message)
      }
    }
  }

  // Process the set of result items retrieved from the search
  function processResultSet (resultError, searchResult) {
    // Destroy the client - frees up resources so that the application
    // stops running
    client.destroy()
    if (resultError) {
      console.log(resultError.message)
    } else {
      // Loop and display the results
      var items = searchResult.items
      if (items) {
        console.log('Results:')
        items.forEach(function (item) {
          console.log(' ' + item.output['HostInfo|ip_address'])
        })
      }
    }
  }
})
Once a connection is established to the DXL fabric, the callback function supplied to the DXL client instance's connect() method will be invoked. From within the callback function, a MarClient instance is created. The MarClient instance will be used to perform searches.
Next, a search to collect the IP addresses for monitored systems is performed by invoking the search() method of the MarClient instance.
On successful execution of the search, the resultContext parameter provided to the processSearchResult function contains the result of the search attempt, a ResultsContext instance. The first 10 results are retrieved by invoking the getResults() method of the ResultsContext object.
On successful receipt of the search results, the searchResult parameter provided to the processResultSet function contains the search results. The results are iterated and printed to the screen.
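The sample stops after the first 10 items. For a host inventory or an agent-coverage check the full result set is usually needed, so the following added example (not part of the OpenDXL sample) pages through a ResultsContext and returns the unique, well-formed IP addresses. It assumes that getResults() accepts an offset option alongside limit; collectIpAddresses and makeFakeResultContext are hypothetical helper names, and the fake context is constructed so the code runs without a DXL fabric.

```javascript
var net = require('net')

// Added example, not OpenDXL code. Reads every page of a MAR search result
// and returns unique, syntactically valid IP addresses.
// ASSUMPTION: getResults() accepts an `offset` option next to `limit`.
function collectIpAddresses (resultContext, pageSize, callback) {
  var seen = {}
  var rejected = []
  function nextPage (offset) {
    resultContext.getResults(function (resultError, searchResult) {
      if (resultError) { return callback(resultError) }
      var items = (searchResult && searchResult.items) || []
      items.forEach(function (item) {
        var ip = item.output && item.output['HostInfo|ip_address']
        // Keep only values that parse as IPv4 or IPv6; record the rest so
        // malformed endpoint data is visible instead of silently dropped
        if (typeof ip === 'string' && net.isIP(ip) !== 0) {
          seen[ip] = true
        } else {
          rejected.push(ip)
        }
      })
      // A short (or empty) page means the last page has been read
      if (items.length < pageSize) {
        return callback(null, {
          addresses: Object.keys(seen).sort(),
          rejected: rejected
        })
      }
      nextPage(offset + pageSize)
    }, { offset: offset, limit: pageSize })
  }
  nextPage(0)
}

// Constructed stand-in for a ResultsContext so the example runs offline
function makeFakeResultContext (values) {
  return {
    hasResults: values.length > 0,
    getResults: function (cb, options) {
      var page = values.slice(options.offset, options.offset + options.limit)
      cb(null, {
        items: page.map(function (v) {
          return { output: { 'HostInfo|ip_address': v } }
        })
      })
    }
  }
}
```

In the sample above, collectIpAddresses(resultContext, 10, callback) would take the place of the getResults() call in processSearchResult, with client.destroy() moved into the callback.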