Class: TieClient

TieClient(dxlClient)

This client provides a high level wrapper for communicating with the McAfee Threat Intelligence Exchange (TIE) DXL service.

The purpose of this client is to allow users to access the features of TIE (manage reputations, determine where a file has executed, etc.) without having to focus on lower-level details such as TIE-specific DXL topics and message formats.

Constructor

new TieClient(dxlClient)

Parameters:
Name Type Description
dxlClient external:DxlClient

The DXL client to use for communication with the TIE DXL service.
Source:

Methods

addCertificateReputationChangeCallback(repChangeCallback)

Registers a callback with the client to receive certificate reputation change events. Each reputation change event that is received from the DXL fabric will cause this method to be invoked with the corresponding reputation change information.

Reputation Change Information

The Reputation Change information is provided as an object via the first parameter delivered to the callback.

An example reputation change object is shown below:

{
  "hashes": {
    "md5": "f2c7bb8acc97f92e987a2d4087d021b1",
    "sha1": "7eb0139d2175739b3ccb0d1110067820be6abd29",
    "sha256": "142e1d688ef0568370c37187fd9f2351d7ddeda574f8bfa9b0fa4ef42db85aa2"
  },
  "newReputations": {
    "1": {
      "attributes": {
        "2120340": "2139160704"
      },
      "createDate": 1480455704,
      "providerId": 1,
      "trustLevel": 99
    },
    "3": {
      "attributes": {
        "2101652": "235",
        "2102165": "1476902802",
        "2111893": "244",
        "2114965": "4",
        "2139285": "73183493944770750"
      },
      "createDate": 1476902802,
      "providerId": 3,
      "trustLevel": 99
    }
  },
  "oldReputations": {
    "1": {
      "attributes": {
        "2120340": "2139160704"
      },
      "createDate": 1480455704,
      "providerId": 1,
      "trustLevel": 99
    },
    "3": {
      "attributes": {
        "2101652": "235",
        "2102165": "1476902802",
        "2111893": "244",
        "2114965": "4",
        "2139285": "73183493944770750"
      },
      "createDate": 1476902802,
      "providerId": 3,
      "trustLevel": 85
    }
  },
  "updateTime": 1481219581
}

The top level property names in the object are listed in the CertRepChangeEventProp constants module.

The reputation change information is separated into 4 distinct sections:

Hash values

Keyed in the object by the "hashes" string.

An object of hashes that identify the certificate whose reputation has changed. The key in the object is the hash type and the value is the hex representation of the hash value. See the HashType module for the list of hash type constants.

There may also be a top-level property named "publicKeySha1" that contains the SHA-1 of the certificate's public key.

New reputations

Keyed in the object by the "newReputations" string.

The new Reputations for the file whose reputation has changed, as an object.

The key for each property in the object corresponds to a particular provider of the associated reputation. The list of certificate reputation providers can be found in the CertProvider constants module.

Each reputation contains a standard set of properties (trust level, creation date, etc.). These properties are listed in the CertReputationProp constants module.

Each reputation can also contain a provider-specific set of attributes as an object. These attributes can be found in the following modules:

Module Description
CertEnterpriseAttrib Attributes associated with the Enterprise reputation provider for certificates.
CertGtiAttrib Attributes associated with the Global Threat Intelligence (GTI) reputation provider for certificates.

Old reputations

Keyed in the object by the "oldReputations" string.

The previous Reputations for the file whose reputation has changed, as an object.

See the "New reputations" section above for additional information regarding reputation details.

Change time

Keyed in the object by the "updateTime" string.

The time the reputation change occurred (Epoch time).

Parameters:
Name Type Description
repChangeCallback function

Callback that will receive certificate reputation change events. The first parameter passed to the callback function is an object decoded from the JSON payload of the event content. The second parameter passed to the callback function is the full DXL Event object.
Source:
Example
tieClient.addCertificateReputationChangeCallback(
  function (repChangeObj, originalEvent) {
    console.log('Reputation change on topic: ' +
      originalEvent.destinationTopic)
    console.log(MessageUtils.objectToJson(repChangeObj, true))
  }
)

addFileDetectionCallback(detectionCallback)

Registers a callback with the client to receive file detection events. Each detection event that is received from the DXL fabric will cause this method to be invoked with the corresponding detection information.

Detection Information

The detection information is provided as an object via the first parameter delivered to the callback.

An example detection object is shown below:

{
  "agentGuid": "{68125cd6-a5d8-11e6-348e-000c29663178}",
  "detectionTime": 1481301038,
  "hashes": {
     "md5": "eb5e2b9dc51817a086d7b97eb52410ab",
     "sha1": "435dfd470f727437c7cb4f07cba1f9a1f4272656",
     "sha256": "414bb16b10ece2db2d8448cb9f313f80cb77c310ca0c19ee03c73cba0c16fedb"
  },
  "localReputation": 1,
  "name": "TEST_MALWARE.EXE",
  "remediationAction": 5
}

The top level property names in the object are listed in the DetectionEventProp constants module.

The information provided in the object includes:

  • System the detection occurred on.
  • Time the detection occurred (Epoch time).
  • File that triggered the detection (file name and associated hashes).
  • Reputation value that was calculated locally which triggered the detection.
  • Remediation action that occurred in response to the detection.
Parameters:
Name Type Description
detectionCallback function

Callback that will receive file detection events. The first parameter passed to the callback function is an object decoded from the JSON payload of the event content. The second parameter passed to the callback function is the full DXL Event object.
Source:
Example
tieClient.addFileDetectionCallback(function (detectionObj, originalEvent) {
  console.log('Detection on topic: ' + originalEvent.destinationTopic)
  console.log(MessageUtils.objectToJson(detectionObj, true))
})

addFileFirstInstanceCallback(firstInstanceCallback)

Registers a callback with the client to receive file first instance events. The "first instance" event indicates that this is the first time the file has been encountered within the local enterprise. Each first instance event that is received from the DXL fabric will cause this method to be invoked with the corresponding first instance information.

First Instance Information

The first instance information is provided as an object via the first parameter delivered to the callback.

An example first instance object is shown below:

{
  "agentGuid": "{68125cd6-a5d8-11e6-348e-000c29663178}",
  "hashes": {
    "md5": "31dbe8cc443d2ca7fd236ac00a52fb17",
    "sha1": "2d6ca45061b7972312e00e5933fdff95bb90b61b",
    "sha256": "aa3c461d4c21a392e372d0d6ca4ceb1e4d88098d587659454eaf4d93c661880f"
  },
  "name": "MORPH.EXE"
}

The top level property names in the object are listed in the FirstInstanceEventProp constants module.

The information provided in the object includes:

  • System the first instance of the file was found on
  • File information (file name and associated hashes)
Parameters:
Name Type Description
firstInstanceCallback function

Callback that will receive file first instance events. The first parameter passed to the callback function is an object decoded from the JSON payload of the event content. The second parameter passed to the callback function is the full DXL Event object.
Source:
Example
tieClient.addFileFirstInstanceCallback(
  function (firstInstanceObj, originalEvent) {
    console.log('First instance on topic: ' + originalEvent.destinationTopic)
    console.log(MessageUtils.objectToJson(firstInstanceObj, true))
  }
)

addFileReputationChangeCallback(repChangeCallback)

Registers a callback with the client to receive file reputation change events. Each reputation change event that is received from the DXL fabric will cause this method to be invoked with the corresponding reputation change information.

Reputation Change Information

The Reputation Change information is provided as an object via the first parameter delivered to the callback.

An example reputation change object is shown below:

{
  "hashes": {
    "md5": "f2c7bb8acc97f92e987a2d4087d021b1",
    "sha1": "7eb0139d2175739b3ccb0d1110067820be6abd29",
    "sha256": "142e1d688ef0568370c37187fd9f2351d7ddeda574f8bfa9b0fa4ef42db85aa2"
  },
  "newReputations": {
    "1": {
      "attributes": {
        "2120340": "2139160704"
      },
      "createDate": 1480455704,
      "providerId": 1,
      "trustLevel": 99
    },
    "3": {
      "attributes": {
        "2101652": "235",
        "2102165": "1476902802",
        "2111893": "244",
        "2114965": "4",
        "2139285": "73183493944770750"
      },
      "createDate": 1476902802,
      "providerId": 3,
      "trustLevel": 99
    }
  },
  "oldReputations": {
    "1": {
      "attributes": {
        "2120340": "2139160704"
      },
      "createDate": 1480455704,
      "providerId": 1,
      "trustLevel": 99
    },
    "3": {
      "attributes": {
        "2101652": "235",
        "2102165": "1476902802",
        "2111893": "244",
        "2114965": "4",
        "2139285": "73183493944770750"
      },
      "createDate": 1476902802,
      "providerId": 3,
      "trustLevel": 85
    }
  },
  "updateTime": 1481219581
}

The top level property names in the object are listed in the FileRepChangeEventProp constants module.

The reputation change information is separated into 4 distinct sections:

Hash values

Keyed in the object by the "hashes" string.

An object of hashes that identify the file whose reputation has changed. The key in each property is the hash type and the value is the hex representation of the hash value. See the HashType module for the list of hash type constants.

New reputations

Keyed in the object by the "newReputations" string.

The new Reputations for the file whose reputation has changed, as an object.

The key for each property in the object corresponds to a particular provider of the associated reputation. The list of file reputation providers can be found in the FileProvider constants module.

Each reputation contains a standard set of properties (trust level, creation date, etc.). These properties are listed in the FileReputationProp constants module.

Each reputation can also contain a provider-specific set of attributes as an object. These attributes can be found in the following modules:

Module Description
FileEnterpriseAttrib Attributes associated with the Enterprise reputation provider for files.
FileGtiAttrib Attributes associated with the Global Threat Intelligence (GTI) reputation provider for files.
AtdAttrib Attributes associated with the Advanced Threat Defense (ATD) reputation provider.

Old reputations

Keyed in the object by the "oldReputations" string.

The previous Reputations for the file whose reputation has changed, as an object.

See the "New reputations" section above for additional information regarding reputation details.

Change time

Keyed in the object by the "updateTime" string.

The time the reputation change occurred (Epoch time).

Parameters:
Name Type Description
repChangeCallback function

Callback that will receive file reputation change events. The first parameter passed to the callback function is an object decoded from the JSON payload of the event content. The second parameter passed to the callback function is the full DXL Event object.
Source:
Example
tieClient.addFileReputationChangeCallback(
  function (repChangeObj, originalEvent) {
    console.log('Reputation change on topic: ' +
      originalEvent.destinationTopic)
    console.log(MessageUtils.objectToJson(repChangeObj, true))
  }
)

getCertificateFirstReferences(callback, sha1, publicKeySha1opt, queryLimitopt)

Retrieves the set of systems which have referenced the specified certificate (as identified by hashes).

Systems

The systems that have referenced the file is provided as an array of objects via the second parameter delivered to the callback.

An example array is shown below:

[
  {
    "agentGuid": "{3a6f574a-3e6f-436d-acd4-bcde336b054d}",
    "date": 1475873692
  },
  {
    "agentGuid": "{68125cd6-a5d8-11e6-348e-000c29663178}",
    "date": 1478626172
  }
]

Each entry in the array is an object containing details about a system that has referenced the certificate. See the FirstRefProp constants module for details about the information that is available for each system in the object.

Parameters:
Name Type Attributes Default Description
callback function

Callback function to invoke with the results of the first references lookup. If an error occurs when performing the lookup, the first parameter supplied to the callback contains an Error object with failure details. On successful lookup, an array containing an object for each system that has referenced the certificate is provided as the second parameter to the callback.
sha1 String

The SHA-1 of the certificate.
publicKeySha1 String <optional>

The SHA-1 of the certificate's public key.
queryLimit Number <optional>
 500

The maximum number of results to return.
Source:
Example
var CERTIFICATE_BODY_SHA1 = '6eae26db8c13182a7947982991b4321732cc3de2'
var CERTIFICATE_PUBLIC_KEY_SHA1 = '3b87a2d6f39770160364b79a152fcc73bae27adf'

tieClient.getCertificateFirstReferences(
  function (error, systems) {
    if (error) {
      console.log('Error getting certificate references: ' + error.message)
    } else {
      console.log('\nSystems that have referenced the certificate:\n')
      systems.forEach(function (system) {
        console.log('\t' + system[FirstRefProp.SYSTEM_GUID] + ': ' +
          EpochUtil.toLocalTimeString(system[FirstRefProp.DATE])
        )
      })
    }
  },
  CERTIFICATE_BODY_SHA1,
  CERTIFICATE_PUBLIC_KEY_SHA1
)

getCertificateReputation(callback, sha1, publicKeySha1opt)

Retrieves the reputations for the specified certificate (as identified by the SHA-1 of the certificate and optionally the SHA-1 of the certificate's public key)

While the SHA-1 of the certificate is required, passing the optional SHA-1 of the certificate's public key can result in additional reputations being located across the set of certificate reputation providers.

Reputations

The Reputations for the file is provided as an object via the second parameter delivered to the callback.

The key for each property in the object corresponds to a particular provider of the associated reputation. The list of file reputation providers can be found in the FileProvider constants module.

An example reputations object is shown below:

{
  "2": {
    "attributes": {
      "2108821": "92",
      "2109077": "1454912619",
      "2117524": "0",
      "2120596": "0"
    },
    "createDate": 1476318514,
    "providerId": 2,
    "trustLevel": 99
  },
  "4": {
    "attributes": {
      "2109333": "4",
      "2109589": "1476318514",
      "2139285": "73183493944770750"
    },
    "createDate": 1476318514,
    "providerId": 4,
    "trustLevel": 0
  }
}

The "2" key corresponds to a reputation from the "Global Threat Intelligence (GTI)" reputation provider while the "4" key corresponds to a reputation from the "Enterprise" reputation provider.

Each reputation contains a standard set of properties (trust level, creation date, etc.). These properties are listed in the CertReputationProp constants module.

The following example shows how to access the trust level property of the "Enterprise" reputation:

var trustLevel = reputationsObj[CertProvider.ENTERPRISE][CertReputationProp.TRUST_LEVEL]

Each reputation can also contain a provider-specific set of attributes as an object. These attributes can be found in the following modules:

Module Description
CertEnterpriseAttrib Attributes associated with the Enterprise reputation provider for certificates.
CertGtiAttrib Attributes associated with the Global Threat Intelligence (GTI) reputation provider for certificates.

The following example shows how to access the prevalence attribute from the "Enterprise" reputation:

var entRep = reputationsObj[CertProvider.ENTERPRISE]
var entRepAttribs = entRep[CertReputationProp.ATTRIBUTES]
var prevalence = Number(entRepAttribs[CertEnterpriseAttrib.PREVALENCE])
Parameters:
Name Type Attributes Description
callback function

Callback function to invoke with the results of the reputation lookup. If an error occurs when performing the lookup, the first parameter supplied to the callback contains an Error object with failure details. On successful lookup, a reputations object is provided as the second parameter to the callback. Each property value in the reputations object is a reputation from a particular reputation provider, which is identified by the key. The list of certificate reputation providers can be found in the CertProvider constants module.
sha1 String

The SHA-1 of the certificate.
publicKeySha1 String <optional>

The SHA-1 of the certificate's public key.
Source:
Example
var CERTIFICATE_BODY_SHA1 = '6eae26db8c13182a7947982991b4321732cc3de2'
var CERTIFICATE_PUBLIC_KEY_SHA1 = '3b87a2d6f39770160364b79a152fcc73bae27adf'
tieClient.getCertReputation(
  function (error, reputations) {
    if (error) {
      console.log('Error getting certificate reputations: ' + error.message)
    } else {
      console.log('Certificate reputations:')
      console.log(MessageUtils.objectToJson(reputations, true))
    }
  },
  CERTIFICATE_BODY_SHA1,
  CERTIFICATE_PUBLIC_KEY_SHA1
)

getFileFirstReferences(callback, hashes, queryLimitopt)

Retrieves the set of systems which have referenced (typically executed) the specified file (as identified by hashes).

Systems

The systems that have referenced the file is provided as an array of objects via the second parameter delivered to the callback.

An example array is shown below:

[
  {
    "agentGuid": "{3a6f574a-3e6f-436d-acd4-bcde336b054d}",
    "date": 1475873692
  },
  {
    "agentGuid": "{68125cd6-a5d8-11e6-348e-000c29663178}",
    "date": 1478626172
  }
]

Each entry in the array is an object containing details about a system that has referenced the file. See the FirstRefProp constants module for details about the information that is available for each system in the object.

Parameters:
Name Type Attributes Default Description
callback function

Callback function to invoke with the results of the first references lookup. If an error occurs when performing the lookup, the first parameter supplied to the callback contains an Error object with failure details. On successful lookup, an array containing an object for each system that has referenced the file is provided as the second parameter to the callback.
hashes Object

An object of hashes that identify the file to lookup. The key for each property is the hash type and the corresponding value is the hex representation of the hash value. See the HashType module for the list of hash type constants.
queryLimit Number <optional>
 500

The maximum number of results to return.
Source:
Example
var fileHashes = {}
fileHashes[HashType.MD5] = 'f2c7bb8acc97f92e987a2d4087d021b1'
fileHashes[HashType.SHA1] = '7eb0139d2175739b3ccb0d1110067820be6abd29'
fileHashes[HashType.SHA256] = '142e1d688ef0568370c37187fd9f2351d7ddeda574f8bfa9b0fa4ef42db85aa2'

tieClient.getFileFirstReferences(
  function (error, systems) {
    if (error) {
      console.log('Error getting file references: ' + error.message)
    } else {
      console.log('\nSystems that have referenced the file:\n')
      systems.forEach(function (system) {
        console.log('\t' + system[FirstRefProp.SYSTEM_GUID] + ': ' +
          EpochUtil.toLocalTimeString(system[FirstRefProp.DATE])
        )
      })
    }
  },
  fileHashes
)

getFileReputation(callback, hashes)

Retrieves the reputations for the specified file (as identified by hashes)

At least one hash value of a particular hash type (MD5, SHA-1, etc.) must be specified. Passing additional hashes increases the likelihood of other reputations being located across the set of file reputation providers.

Reputations

The Reputations for the file is provided as an object via the second parameter delivered to the callback.

The key for each property in the object corresponds to a particular provider of the associated reputation. The list of file reputation providers can be found in the FileProvider constants module.

An example reputations object is shown below:

{
  "1": {
    "attributes": {
      "2120340": "2139160704"
    },
    "createDate": 1480455704,
    "providerId": 1,
    "trustLevel": 99
  },
  "3": {
    "attributes": {
      "2101652": "52",
      "2102165": "1476902802",
      "2111893": "56",
      "2114965": "1",
      "2139285": "73183493944770750"
    },
    "createDate": 1476902802,
    "providerId": 3,
    "trustLevel": 99
  }
}

The "1" key corresponds to a reputation from the "Global Threat Intelligence (GTI)" reputation provider while the "3" key corresponds to a reputation from the "Enterprise" reputation provider.

Each reputation contains a standard set of properties (trust level, creation date, etc.). These properties are listed in the FileReputationProp constants module.

The following example shows how to access the trust level property of the "Enterprise" reputation:

var trustLevel = reputationsObj[FileProvider.ENTERPRISE][FileReputationProp.TRUST_LEVEL]

Each reputation can also contain a provider-specific set of attributes as an object. These attributes can be found in the following modules:

Module Description
FileEnterpriseAttrib Attributes associated with the Enterprise reputation provider for files.
FileGtiAttrib Attributes associated with the Global Threat Intelligence (GTI) reputation provider for files.
AtdAttrib Attributes associated with the Advanced Threat Defense (ATD) reputation provider.

The following example shows how to access the prevalence attribute from the "Enterprise" reputation:

var entRep = reputationsObj[FileProvider.ENTERPRISE]
var entRepAttribs = entRep[FileReputationProp.ATTRIBUTES]
var prevalence = Number(entRepAttribs[FileEnterpriseAttrib.PREVALENCE])
Parameters:
Name Type Description
callback function

Callback function to invoke with the results of the reputation lookup. If an error occurs when performing the lookup, the first parameter supplied to the callback contains an Error object with failure details. On successful lookup, a reputations object is provided as the second parameter to the callback. Each property value in the reputations object is a reputation from a particular reputation provider, which is identified by the key. The list of file reputation providers can be found in the FileProvider constants module.
hashes Object

An object of hashes that identify the file to retrieve the reputations for. The key for each property is the hash type and the value is the hex representation of the hash value. See the HashType module for the list of hash type constants.
Source:
Example
var hashes = {}
hashes[HashType.MD5] = 'f2c7bb8acc97f92e987a2d4087d021b1'
hashes[HashType.SHA1] = '7eb0139d2175739b3ccb0d1110067820be6abd29'
hashes[HashType.SHA256] = '142e1d688ef0568370c37187fd9f2351d7ddeda574f8bfa9b0fa4ef42db85aa2'
tieClient.getFileReputation(
  function (error, reputations) {
    if (error) {
      console.log('Error getting file reputations: ' + error.message)
    } else {
      console.log('File reputations:')
      console.log(MessageUtils.objectToJson(reputations, true))
    }
  },
  hashes
)

removeCertificateReputationChangeCallback(repChangeCallback)

Unregisters a callback from the client so that it will no longer receive certificate reputation change events.

Parameters:
Name Type Description
repChangeCallback function

The callback instance to unregister.
Source:

removeFileDetectionCallback(detectionCallback)

Unregisters a callback from the client so that it will no longer receive file detection events.

Parameters:
Name Type Description
detectionCallback function

The callback instance to unregister.
Source:

removeFileFirstInstanceCallback(firstInstanceCallback)

Unregisters a callback from the client so that it will no longer receive file first instance events.

Parameters:
Name Type Description
firstInstanceCallback function

The callback instance to unregister.
Source:

removeFileReputationChangeCallback(repChangeCallback)

Unregisters a callback from the client so that it will no longer receive file reputation change events.

Parameters:
Name Type Description
repChangeCallback function

The callback instance to unregister.
Source:

setCertificateReputation(callback, trustLevel, sha1, publicKeySha1opt, commentopt)

Sets the "Enterprise" reputation (trust level) of a specified certificate (as identified by hashes).

Client Authorization

The OpenDXL Python client invoking this method must have permission to send messages to the /mcafee/service/tie/cert/reputation/set topic, which is part of the TIE Server Set Enterprise Reputation authorization group.

The following page provides an example of authorizing a Python client to send messages to an authorization group. While the example is based on McAfee Active Response (MAR), the instructions are the same with the exception of swapping the TIE Server Set Enterprise Reputation authorization group in place of Active Response Server API:

https://opendxl.github.io/opendxl-client-python/pydoc/marsendauth.html

Parameters:
Name Type Attributes Description
callback function

Callback to invoke after setting the certificate reputation. If an error occurs when attempting to set the reputation, the first parameter supplied to the callback contains an Error object with failure details. If no error occurs, the first parameter supplied to the callback is null.
trustLevel Number

The new trust level for the certificate. The list of standard trust levels can be found in the TrustLevel constants module.
sha1 String

The SHA-1 of the certificate.
publicKeySha1 String <optional>

The SHA-1 of the certificate's public key.
comment String <optional>

A comment to associate with the certificate.
Source:
Example
var CERTIFICATE_BODY_SHA1 = '6eae26db8c13182a7947982991b4321732cc3de2'
var CERTIFICATE_PUBLIC_KEY_SHA1 = '3b87a2d6f39770160364b79a152fcc73bae27adf'
tieClient.setCertificateReputation(
  function (error) {
    if (error) {
      console.log('Error: ' + error.message)
    } else {
      console.log('Succeeded')
    }
  },
  TrustLevel.KNOWN_TRUSTED,
  CERTIFICATE_BODY_SHA1,
  CERTIFICATE_PUBLIC_KEY_SHA1,
  'Reputation set via OpenDXL'
)

setFileReputation(callback, trustLevel, hashes, filenameopt, commentopt)

Sets the "Enterprise" reputation (trust level) of a specified file (as identified by hashes).

Client Authorization

The OpenDXL Python client invoking this method must have permission to send messages to the /mcafee/service/tie/file/reputation/set topic, which is part of the TIE Server Set Enterprise Reputation authorization group.

The following page provides an example of authorizing a Python client to send messages to an authorization group. While the example is based on McAfee Active Response (MAR), the instructions are the same with the exception of swapping the TIE Server Set Enterprise Reputation authorization group in place of Active Response Server API:

https://opendxl.github.io/opendxl-client-python/pydoc/marsendauth.html

Parameters:
Name Type Attributes Description
callback function

Callback to invoke after setting the file reputation. If an error occurs when attempting to set the reputation, the first parameter supplied to the callback contains an Error object with failure details. If no error occurs, the first parameter supplied to the callback is null.
trustLevel Number

The new trust level for the file. The list of standard trust levels can be found in the TrustLevel constants module.
hashes Object

An object of hashes that identify the file to update the reputation for. The key in each property is the hash type and the value is the hex representation of the hash value. See the HashType module for the list of hash type constants.
filename String <optional>

A file name to associate with the file.
comment String <optional>

A comment to associate with the file.
Source:
Example
var hashes = {}
hashes[HashType.MD5] = 'f2c7bb8acc97f92e987a2d4087d021b1'
hashes[HashType.SHA1] = '7eb0139d2175739b3ccb0d1110067820be6abd29'
hashes[HashType.SHA256] = '142e1d688ef0568370c37187fd9f2351d7ddeda574f8bfa9b0fa4ef42db85aa2'
tieClient.setFileReputation(
  function (error) {
    if (error) {
      console.log('Error: ' + error.message)
    } else {
      console.log('Succeeded')
    }
  },
  TrustLevel.KNOWN_TRUSTED,
  hashes,
  'notepad.exe',
  'Reputation set via OpenDXL'
)