FireEye Endpoint Security
FireEye Endpoint Security begins with the knowledge of threats learned from Mandiant front-line incident responders. This knowledge enables the team to develop responses targeted to the various Tactics, Techniques and Procedures (TTPs) of those threats.
Chronicle Data Types
- Alert
- EDR
Configuration - API Integration
CYDERES requires the ability to use FireEye's HX API to obtain alerts on threats and then enrich those alerts with detailed endpoint data and telemetry.
- Log in to the HX management console with an administrator account
- In the HX management console, create a user
  - Username: cyderes
  - Role: Monitor
  - Password: create a strong password
  - Save this information
- Navigate to Settings > Notifications > rsyslog
- Check the Event type check box
- Make sure the Rsyslog settings are:
  - Default format: JSON – Concise
  - Default delivery: Per event
  - Default send as: Alert
- Click Apply Settings
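Once the rsyslog notification is applied, the quickest way to confirm the console is really sending "JSON – Concise" with "Per event" delivery is to capture a few lines at the collector and check that each syslog message carries exactly one JSON object. The checker below is an added example written for this page; it is not part of this integration guide nor FireEye's or CYDERES' own code. It assumes each forwarded line has a BSD (RFC 3164) or RFC 5424 syslog header followed by the JSON payload; the sample lines and the field names inside their JSON (alert_id, host, severity) are constructed placeholders, not the HX alert schema.

```python
from __future__ import annotations

import json
import re
from typing import Any, Iterable

# Constructed sample input (not real HX output): four lines as a syslog collector
# might receive them from the HX console. JSON field names are placeholders.
SAMPLE_LINES = [
    '<134>Mar 10 12:00:01 hx-console fireeye: {"alert_id": 1, "host": "WS-01", "severity": "high"}',
    '<134>1 2024-03-10T12:00:02Z hx-console fireeye - - - {"alert_id": 2, "host": "WS-02", "severity": "low"}',
    # A JSON array of several events on one line is what batched delivery looks like;
    # with "Default delivery: Per event" this must not appear.
    '<134>Mar 10 12:00:03 hx-console fireeye: [{"alert_id": 3}, {"alert_id": 4}]',
    # Truncated payload (e.g. a message cut at the collector's size limit).
    '<134>Mar 10 12:00:04 hx-console fireeye: {"alert_id": 5, "host": ',
]

# BSD-style header: <PRI>Mmm dd hh:mm:ss host tag: msg
BSD_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^:\s]+): (?P<msg>.*)$"
)
# RFC 5424 header: <PRI>1 timestamp host app procid msgid structured-data msg
RFC5424_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<tag>\S+) \S+ \S+ (?:-|\[.*?\]) (?P<msg>.*)$"
)

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console",
              "solaris-cron"] + [f"local{i}" for i in range(8)]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


class NoSyslogHeader(ValueError):
    pass


class NotSingleObject(ValueError):
    pass


class MalformedPayload(ValueError):
    pass


def decode_pri(pri: int) -> tuple[str, str]:
    """Split a syslog PRI value into (facility, severity) names."""
    facility, severity = divmod(pri, 8)
    return FACILITIES[facility], SEVERITIES[severity]


def split_syslog(line: str) -> tuple[dict[str, str], str]:
    """Return (header fields, message text); raise if no known header shape matches."""
    for rx in (BSD_RE, RFC5424_RE):
        m = rx.match(line)
        if m:
            return m.groupdict(), m.group("msg")
    raise NoSyslogHeader("no recognised syslog header")


def parse_event(msg: str) -> dict[str, Any]:
    """Parse one 'JSON - Concise, Per event' payload: exactly one JSON object per message."""
    try:
        payload = json.loads(msg)
    except json.JSONDecodeError as exc:
        raise MalformedPayload(f"malformed JSON: {exc.msg}") from exc
    if not isinstance(payload, dict):
        # A list or scalar means the console is not sending one event per message.
        raise NotSingleObject("expected one JSON object per message; check 'Default delivery: Per event'")
    return payload


def check_feed(lines: Iterable[str]) -> dict[str, Any]:
    """Validate a captured feed sample: accepted events plus a count per rejection reason."""
    result: dict[str, Any] = {
        "events": [], "accepted": 0, "not_single_object": 0,
        "malformed": 0, "no_header": 0, "hosts": set(), "severities": set(),
    }
    for line in lines:
        try:
            header, msg = split_syslog(line)
            event = parse_event(msg)
        except NoSyslogHeader:
            result["no_header"] += 1
            continue
        except NotSingleObject:
            result["not_single_object"] += 1
            continue
        except MalformedPayload:
            result["malformed"] += 1
            continue
        result["hosts"].add(header["host"])
        result["severities"].add(decode_pri(int(header["pri"]))[1])
        result["events"].append(event)
        result["accepted"] += 1
    return result


if __name__ == "__main__":
    summary = check_feed(SAMPLE_LINES)
    print({k: v for k, v in summary.items() if k != "events"})
```

Run it against a real capture by replacing SAMPLE_LINES with lines read from the collector; a non-zero not_single_object count points at the delivery setting, and a non-zero malformed count usually means messages are being truncated in transit rather than a console misconfiguration. The severities set shows the syslog severity the console stamps on each message, which is worth comparing against what you expect after setting "Default send as".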
Gather Information
Provide the following information to CYDERES for implementation.
- The unique FQDN of your HX console
- Username
- Password