Skip to content

FireEye Endpoint Security

FireEye Endpoint Security begins with the knowledge of threats learned from Mandiant front line incident responders. This knowledge enables their team to develop responses targeted to the various Tactics, Techniques, and Procedures (TTPs) of the threats.

Chronicle Data Types

  • FIREEYE_ALERT

Configuration - API Integration

Cyderes requires the ability to use FireEye's HX API to obtain alerts on threats and then enrich those alerts with detailed endpoint data and telemetry

  1. Login to the HX management console with an administrator account
  2. In the HX management console, create a user
  3. Username: cyderes
  4. Role: Monitor
  5. Password: create a strong password
  6. Save this information
  7. Navigate back to Settings > Notifications > rsyslog
  8. Check the Event type check box

  9. Make sure Rsyslog settings are:

    • Default format: JSON – Concise
    • Default delivery: Per event
    • Default send as: Alert

  10. Click Apply Settings

Gather Information

Provide the following information to Cyderes to complete implementation:

  • The unique FQDN of the HX console
  • Username
  • Password