Module: FileEnterpriseAttrib

Attributes associated with file reputations returned by the Enterprise reputation provider.

Name                  Numeric  Description
PREVALENCE            2101652  The count of unique systems that have executed the file.
FIRST_CONTACT         2102165  The time the file was first seen (Epoch time).
ENTERPRISE_SIZE       2111893  The count of systems within the local enterprise.
MIN_LOCAL_REP         2112148  The lowest reputation found locally on a system.
MAX_LOCAL_REP         2112404  The highest reputation found locally on a system.
AVG_LOCAL_REP         2112660  The average reputation found locally on systems.
PARENT_MIN_LOCAL_REP  2112916  The lowest reputation for the parent found locally on a system.
PARENT_MAX_LOCAL_REP  2113172  The highest reputation for the parent found locally on a system.
PARENT_AVG_LOCAL_REP  2113428  The average reputation for the parent found locally on systems.
DETECTION_COUNT       2113685  The count of detections for the file or certificate.
LAST_DETECTION_TIME   2113942  The last time a detection occurred (Epoch time).
FILE_NAME_COUNT       2114965  The count of unique file names for the file.
IS_PREVALENT          2123156  Whether the file is considered to be prevalent within the enterprise.
PARENT_FILE_REPS      2138264  The parent file reputations (aggregate string).
CHILD_FILE_REPS       2138520  The child file reputations (aggregate string).
SERVER_VERSION        2139285  The version of the TIE server that returned the reputations (encoded version string).

Members

(static) AVG_LOCAL_REP

The average reputation found locally on systems.

(static) CHILD_FILE_REPS

The child file reputations (aggregate string).

Use the toAggregateArray helper function to parse this attribute.

(static) DETECTION_COUNT

The count of detections for the file or certificate.

(static) ENTERPRISE_SIZE

The count of systems within the local enterprise.

(static) FILE_NAME_COUNT

The count of unique file names for the file.

(static) FIRST_CONTACT

The time the file was first seen (Epoch time).

See the EpochUtil module for helper methods used to parse the Epoch time.

(static) IS_PREVALENT

Whether the file is considered to be prevalent within the enterprise.

(static) LAST_DETECTION_TIME

The last time a detection occurred (Epoch time).

See the EpochUtil module for helper methods used to parse the Epoch time.

(static) MAX_LOCAL_REP

The highest reputation found locally on a system.

(static) MIN_LOCAL_REP

The lowest reputation found locally on a system.

(static) PARENT_AVG_LOCAL_REP

The average reputation for the parent found locally on systems.

(static) PARENT_FILE_REPS

The parent file reputations (aggregate string).

Use the toAggregateArray helper function to parse this attribute.

(static) PARENT_MAX_LOCAL_REP

The highest reputation for the parent found locally on a system.

(static) PARENT_MIN_LOCAL_REP

The lowest reputation for the parent found locally on a system.

(static) PREVALENCE

The count of unique systems that have executed the file.

(static) SERVER_VERSION

The version of the TIE server that returned the reputations (encoded version string).

See the toVersionArray and toVersionString helper methods used to parse the encoded version string.

Methods

(static) toAggregateArray(aggregateAttrib) → {Array.<Number>}

Returns an array containing the values from the specified aggregate string. This method will return an array containing the values that were in the aggregate string in the following order:

  • The count of files
  • The maximum trust level found across the files
  • The minimum trust level found across the files
  • The trust level for the last file
  • The average trust level across the files

For example, for an aggregateAttrib value of "AgBkADIAZABMHQ==", this would return:

[2, 100, 50, 100, 75]
  • Count of files: 2
  • Maximum trust level found across the files: 100
  • Minimum trust level found across the files: 50
  • Trust level for the last file: 100
  • Average trust level across the files: 75
Parameters:
Name             Type    Description
aggregateAttrib  String  The aggregate string

Returns:
  • An array containing the values in the specified aggregate string.
Type
Array.<Number>
Example
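// Look up the Enterprise provider's reputation entry and its attributes
var entRep = reputationsObj[FileProvider.ENTERPRISE]
var entRepAttribs = entRep[FileReputationProp.ATTRIBUTES]
// Decode the aggregate string into [count, max, min, last, average]
var aggregateArray = FileEnterpriseAttrib.toAggregateArray(
  entRepAttribs[FileEnterpriseAttrib.CHILD_FILE_REPS])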

(static) toVersionArray(versionAttrib) → {Array.<Number>}

Returns an array of version values corresponding to the specified encoded version string. This method will return an array containing the server version values in the following order:

  • The major version
  • The minor version
  • The patch version
  • The build version

For example, for a versionAttrib value of "73183493944770750", this would return:

[1, 4, 0, 190]
  • Major version: 1
  • Minor version: 4
  • Patch version: 0
  • Build version: 190
Parameters:
Name           Type    Description
versionAttrib  String  The encoded version string

Returns:
  • An array corresponding to the specified encoded version string
Type
Array.<Number>
Example
var entRep = reputationsObj[FileProvider.ENTERPRISE]
var entRepAttribs = entRep[FileReputationProp.ATTRIBUTES]
var versionArray = FileEnterpriseAttrib.toVersionArray(
  entRepAttribs[FileEnterpriseAttrib.SERVER_VERSION])

(static) toVersionString(versionAttrib) → {String}

Returns a version string corresponding to the specified encoded version string.

For example, for a versionAttrib value of "73183493944770750", this would return "1.4.0.190".

Parameters:
Name           Type    Description
versionAttrib  String  The encoded version string

Returns:
  • A version string corresponding to the specified encoded version string
Type
String
Example
var entRep = reputationsObj[FileProvider.ENTERPRISE]
var entRepAttribs = entRep[FileReputationProp.ATTRIBUTES]
// toVersionString returns a dotted version string, e.g. "1.4.0.190"
var versionString = FileEnterpriseAttrib.toVersionString(
  entRepAttribs[FileEnterpriseAttrib.SERVER_VERSION])
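
The aggregate string and encoded version string handled by toAggregateArray and toVersionArray, decoded by hand with input validation. This is an added example, not this library's own code: the byte layout and bit widths are inferred from the two sample values on this page and are assumptions, and decodeAggregate and decodeVersion are hypothetical names.

```javascript
// Added example: stand-alone decoders, not the library's implementation.
// Layouts are inferred from the sample values on this page (assumption).

// Aggregate string: base64 of five little-endian uint16 values (10 bytes).
// The fifth value (average) appears scaled by 100: 0x1D4C = 7500 -> 75.
function decodeAggregate(aggregateAttrib) {
  if (typeof aggregateAttrib !== 'string' ||
      !/^[A-Za-z0-9+/]+={0,2}$/.test(aggregateAttrib)) {
    throw new TypeError('aggregate attribute is not a base64 string')
  }
  var buf = Buffer.from(aggregateAttrib, 'base64')
  if (buf.length !== 10) {
    throw new RangeError('expected 10 decoded bytes, got ' + buf.length)
  }
  var values = []
  for (var i = 0; i < 5; i++) {
    values.push(buf.readUInt16LE(i * 2))
  }
  values[4] = values[4] / 100
  return values // [count, max, min, last, average]
}

// Encoded version: decimal string of a 64-bit integer. Assumed packing:
// major (8 bits) | minor (8 bits) | patch (16 bits) | build (32 bits).
// BigInt is required: the sample value exceeds Number.MAX_SAFE_INTEGER,
// so parsing it as a Number would corrupt the low-order build field.
function decodeVersion(versionAttrib) {
  if (typeof versionAttrib !== 'string' || !/^\d{1,20}$/.test(versionAttrib)) {
    throw new TypeError('version attribute is not a decimal string')
  }
  var v = BigInt(versionAttrib)
  if (v > 0xffffffffffffffffn) {
    throw new RangeError('version does not fit in 64 bits')
  }
  return [
    Number((v >> 56n) & 0xffn),   // major
    Number((v >> 48n) & 0xffn),   // minor
    Number((v >> 32n) & 0xffffn), // patch
    Number(v & 0xffffffffn)       // build
  ]
}

// Sample inputs are the ones quoted on this page.
console.log(decodeAggregate('AgBkADIAZABMHQ=='))
console.log(decodeVersion('73183493944770750').join('.'))
```

Rejecting malformed values up front keeps a truncated or tampered attribute from being silently read as a low count or trust level in downstream policy logic.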