Hi,
The solution posts are managed by the partner companies and they have to update them. Perhaps posting this on the individual solution will alert the companies to update their solutions.
Thanks,
Viji
Hi msell,
The Python client does not read these client options from the config. The broker list and the proxy information are supported, but not other client options like the ones mentioned. They have to be set in the client.
Thanks,
Viji
Hi Dile,
Here are some suggestions.
1. You can send out an event to see who can handle it and then pick the first one that responds to it and send a targeted message to that client to process it.
2. When a client handles the message, any other client attempting it can be a no-operation. Once it completes, it can even send out a completed message.
If these suggestions do not help, please provide more context and we will be able to assist you.
Hi Pete,
We are investigating the issue and will get back to you as soon as possible.
Thanks,
Viji
Hi
It is referring to the Cloud Commander file manager and editor. You do not need to update it at this time. We had some compatibility issues with newer versions and hence did not update.
Thanks,
Viji
Hi
For your first use case, like Chris mentioned, you can do that using the ePO, TheHive and Node-RED integration.
Thanks,
Viji
Hi,
I don't know the exact topics used in the integration, but in general, if you know the topic, you can use the DXL console to send messages and verify that it is working. Checkpoint documentation should provide the payload format to use. It looks like your community post also got some suggestions.
There are several products that provide queries for file reputation, e.g. McAfee Threat Intelligence Exchange.
Check the Solutions page for McAfee and other products that you can look at. The streaming part will depend on the product you are using.
Regarding a standard format, we are working on creating standards for sharing cybersecurity data. See the Open Cybersecurity Alliance site for more details on this initiative.
Viji
Hi Mark,
I will take a look at your updated files.
Thanks,
Viji
Hi Mark,
You mentioned that you have moved the node-red modules and python from the startup.sh. After that, are you still seeing outgoing connections?
Let us know if we need to investigate this further.
Thanks,
Viji
Hi Eduard,
We tried to reproduce the issue with the versions you mentioned but we could not. It might make the most sense to open a support ticket with McAfee to get it resolved quickly.
Thanks,
Viji
Pawel,
Like you mentioned, the certificates that allow clients which are MA managed are exchanged between the connected ePO servers.
Regarding the Open CA, there is currently no easy way for admins to see open clients, especially from other ePO servers, so this was intentionally not exchanged.
When you import the certificate, it is visible in the UI and the admin is aware.
If you see a use case where this will be needed in a production environment, we can consider ways to make this easier.
Thanks
Viji
Due to security reasons, there is no automated way to do this and the steps depend on how you provisioned your certificate.
1. If you used your own CA/certificate then you have to upload it to the other ePO in Server Settings->DXL Certificates (Third Party).
You have to wake up all the brokers in the other ePO to update their keystore.
2. If you used the dxlclient provisionconfig, then your certificate is signed by the OpenCA and you can only get that from the DXL Broker keystore.
You can get that from any broker from the other ePO that you want to connect to, so it does require an administrator to get that file.
If you would like to take this approach then let us know and we can provide more steps.
Thanks
Viji
Hi Pawel,
We are trying to reproduce it locally and will respond as soon as possible.
Viji
Indu,
Yes, for now you have to manually go to ePO to get the updates and apply them to your clients. We are working on making that process easier and will post the update as soon as we can.
Viji
Camila,
If your request is timing out, you can try increasing the timeout of the sync_request as shown below.
If the above does not work and you want to make an async_request, you have to create a callback and invoke it as shown below.
For more details look at this example of invoking an async_request.
The bootstrap currently only has sync_request but it is not hard to modify your code to make it async.
The Python client project has tests which use nose. They should provide some idea on how to use it with the dxlclient module.
Regarding the mocks, can you provide more info on what you are trying? You mention mocking dxlclient.connect, but it seems like you might also need to mock other calls like sync_request for building your solution.
Viji
New guide posted that introduces the OpenDXL Bootstrap Application. The purpose of OpenDXL Bootstrap is to significantly reduce the time necessary to create an OpenDXL solution.
Please refer to the Solution Submission Guide that covers the steps and associated requirements necessary to submit a solution and have it approved.
Thanks
Viji