Attributes associated with file reputations returned by the Enterprise reputation provider.
Name | Numeric | Description |
---|---|---|
PREVALENCE | 2101652 | The count of unique systems that have executed the file. |
FIRST_CONTACT | 2102165 | The time the file was first seen (Epoch time). |
ENTERPRISE_SIZE | 2111893 | The count of systems within the local enterprise. |
MIN_LOCAL_REP | 2112148 | The lowest reputation found locally on a system. |
MAX_LOCAL_REP | 2112404 | The highest reputation found locally on a system. |
AVG_LOCAL_REP | 2112660 | The average reputation found locally on systems. |
PARENT_MIN_LOCAL_REP | 2112916 | The lowest reputation for the parent found locally on a system. |
PARENT_MAX_LOCAL_REP | 2113172 | The highest reputation for the parent found locally on a system. |
PARENT_AVG_LOCAL_REP | 2113428 | The average reputation for the parent found locally on systems. |
DETECTION_COUNT | 2113685 | The count of detections for the file or certificate. |
LAST_DETECTION_TIME | 2113942 | The last time a detection occurred (Epoch time). |
FILE_NAME_COUNT | 2114965 | The count of unique file names for the file. |
IS_PREVALENT | 2123156 | Whether the file is considered to be prevalent within the enterprise. |
PARENT_FILE_REPS | 2138264 | The parent file reputations (aggregate string). |
CHILD_FILE_REPS | 2138520 | The child file reputations (aggregate string). |
SERVER_VERSION | 2139285 | The version of the TIE server that returned the reputations (encoded version string). |
Members
(static) AVG_LOCAL_REP
The average reputation found locally on systems.
(static) CHILD_FILE_REPS
The child file reputations (aggregate string).
Use the toAggregateArray helper function to parse this attribute.
(static) DETECTION_COUNT
The count of detections for the file or certificate.
(static) ENTERPRISE_SIZE
The count of systems within the local enterprise.
(static) FILE_NAME_COUNT
The count of unique file names for the file.
(static) FIRST_CONTACT
The time the file was first seen (Epoch time).
See the EpochUtil module for helper methods used to parse the Epoch time.
(static) IS_PREVALENT
Whether the file is considered to be prevalent within the enterprise.
(static) LAST_DETECTION_TIME
The last time a detection occurred (Epoch time).
See the EpochUtil module for helper methods used to parse the Epoch time.
(static) MAX_LOCAL_REP
The highest reputation found locally on a system.
(static) MIN_LOCAL_REP
The lowest reputation found locally on a system.
(static) PARENT_AVG_LOCAL_REP
The average reputation for the parent found locally on systems.
(static) PARENT_FILE_REPS
The parent file reputations (aggregate string).
Use the toAggregateArray helper function to parse this attribute.
(static) PARENT_MAX_LOCAL_REP
The highest reputation for the parent found locally on a system.
(static) PARENT_MIN_LOCAL_REP
The lowest reputation for the parent found locally on a system.
(static) PREVALENCE
The count of unique systems that have executed the file.
(static) SERVER_VERSION
The version of the TIE server that returned the reputations (encoded version string).
See the toVersionArray and toVersionString helper methods used to parse the encoded version string.
Methods
(static) toAggregateArray(aggregateAttrib) → {Array.<Number>}
Returns an array containing the values from the specified aggregate string. This method will return an array containing the values that were in the aggregate string in the following order:
- The count of files
- The maximum trust level found across the files
- The minimum trust level found across the files
- The trust level for the last file
- The average trust level across the files
For example, for an aggregateAttrib value of "AgBkADIAZABMHQ==", this would return:
[2, 100, 50, 100, 75]
- Count of files: 2
- Maximum trust level found across the files: 100
- Minimum trust level found across the files: 50
- Trust level for the last file: 100
- Average trust level across the files: 75
Parameters:
Name | Type | Description |
---|---|---|
aggregateAttrib | String | The aggregate string |
Returns:
- An array containing the values in the specified aggregate string.
- Type: Array.<Number>
Example
var entRep = reputationsObj[FileProvider.ENTERPRISE]
var entRepAttribs = entRep[FileReputationProp.ATTRIBUTES]
// Decode the child file aggregate into [count, max, min, last, average]
var aggregateArray = FileEnterpriseAttrib.toAggregateArray(
  entRepAttribs[FileEnterpriseAttrib.CHILD_FILE_REPS])
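The aggregate format described above can be decoded without the client library, which is useful when the raw attribute turns up in logs or a SIEM. This is an added example, not the project's own code: the layout (base64 of five little-endian 16-bit integers, the average stored in hundredths) is inferred from the documented sample value, and the function and field names are hypothetical.

```javascript
// Added example: stand-alone decoder for PARENT_FILE_REPS / CHILD_FILE_REPS.
// Layout inferred from the documented sample "AgBkADIAZABMHQ==":
// base64 -> 10 bytes -> five little-endian 16-bit integers (read as unsigned
// here, an assumption), with the average stored in hundredths.
const AGGREGATE_FIELDS = ['count', 'maxTrust', 'minTrust', 'lastTrust', 'avgTrust'];

function decodeAggregate(aggregateAttrib) {
  // Reject anything that is not plain base64 before decoding; Buffer.from
  // silently skips invalid characters, which would hide a corrupted value.
  if (typeof aggregateAttrib !== 'string' ||
      !/^[A-Za-z0-9+/]+={0,2}$/.test(aggregateAttrib)) {
    throw new TypeError('aggregate attribute is not a base64 string');
  }
  const raw = Buffer.from(aggregateAttrib, 'base64');
  if (raw.length !== AGGREGATE_FIELDS.length * 2) {
    throw new RangeError('expected 10 bytes, got ' + raw.length);
  }
  const values = AGGREGATE_FIELDS.map((_, i) => raw.readUInt16LE(i * 2));
  values[4] = values[4] / 100; // stored as 7500 in the sample, reported as 75
  return values;
}

// Name the fields and flag aggregates whose average falls outside [min, max],
// which indicates a truncated or tampered attribute rather than real data.
function describeAggregate(aggregateAttrib) {
  const values = decodeAggregate(aggregateAttrib);
  const out = {};
  AGGREGATE_FIELDS.forEach((name, i) => { out[name] = values[i]; });
  out.consistent = out.minTrust <= out.avgTrust && out.avgTrust <= out.maxTrust;
  return out;
}
```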
(static) toVersionArray(versionAttrib) → {Array.<Number>}
Returns an array of version values corresponding to the specified encoded version string. This method will return an array containing the server version values in the following order:
- The major version
- The minor version
- The patch version
- The build version
For example, for a versionAttrib value of "73183493944770750", this would return:
[1, 4, 0, 190]
- Major version: 1
- Minor version: 4
- Patch version: 0
- Build version: 190
Parameters:
Name | Type | Description |
---|---|---|
versionAttrib | String | The encoded version string |
Returns:
- An array corresponding to the specified encoded version string
- Type: Array.<Number>
Example
var entRep = reputationsObj[FileProvider.ENTERPRISE]
var entRepAttribs = entRep[FileReputationProp.ATTRIBUTES]
var versionArray = FileEnterpriseAttrib.toVersionArray(
  entRepAttribs[FileEnterpriseAttrib.SERVER_VERSION])
(static) toVersionString(versionAttrib) → {String}
Returns a version string corresponding to the specified encoded version string.
For example, for a versionAttrib value of "73183493944770750", this would return "1.4.0.190".
Parameters:
Name | Type | Description |
---|---|---|
versionAttrib | String | The encoded version string |
Returns:
- A version string corresponding to the specified encoded version string
- Type: String
Example
var entRep = reputationsObj[FileProvider.ENTERPRISE]
var entRepAttribs = entRep[FileReputationProp.ATTRIBUTES]
// toVersionString returns a String such as "1.4.0.190"
var versionString = FileEnterpriseAttrib.toVersionString(
  entRepAttribs[FileEnterpriseAttrib.SERVER_VERSION])
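The encoded version string handled by toVersionArray and toVersionString is a 64-bit integer in decimal, larger than JavaScript's Number can hold exactly, so a stand-alone decoder has to use BigInt. This is an added example, not the project's own code: the function names are hypothetical, and the bit layout is an assumption that matches the documented sample (which only pins down major, minor and the low build bits, since its patch field is 0).

```javascript
// Added example: stand-alone decoder for the SERVER_VERSION attribute.
// Assumed layout of the 64-bit value: major in bits 56-63, minor in bits
// 48-55, patch in bits 32-47 (position assumed), build in bits 0-31.
function decodeServerVersion(versionAttrib) {
  if (typeof versionAttrib !== 'string' || !/^[0-9]{1,20}$/.test(versionAttrib)) {
    throw new TypeError('version attribute must be a decimal string');
  }
  const value = BigInt(versionAttrib);
  if (value > 0xffffffffffffffffn) {
    throw new RangeError('version attribute does not fit in 64 bits');
  }
  return [
    Number((value >> 56n) & 0xffn),   // major
    Number((value >> 48n) & 0xffn),   // minor
    Number((value >> 32n) & 0xffffn), // patch (assumed position)
    Number(value & 0xffffffffn),      // build
  ];
}

function serverVersionString(versionAttrib) {
  return decodeServerVersion(versionAttrib).join('.');
}

// What goes wrong with Number(): the sample exceeds Number.MAX_SAFE_INTEGER,
// so the low bits (the build field) are rounded before they can be extracted.
function buildViaDouble(versionAttrib) {
  return Number(BigInt(Number(versionAttrib)) & 0xffffffffn);
}

// Compare a reported server version against a required minimum
// [major, minor, patch, build], field by field.
function isAtLeast(versionAttrib, minimum) {
  const actual = decodeServerVersion(versionAttrib);
  for (let i = 0; i < 4; i++) {
    if (actual[i] !== minimum[i]) return actual[i] > minimum[i];
  }
  return true;
}
```

For the documented sample, the double-precision path yields build 192 instead of 190, which is enough to make a version gate or an audit record wrong.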