FireEye ETP

Details
Content
Dependencies
Version History

FireEye Email Threat Prevention (ETP Cloud) is a cloud-based platform that protects against advanced email attacks.

The FireEye Endpoint Threat Prevention (ETP) integration with Cortex XSOAR streamlines the endpoint security investigation process within an organization and facilitates threat hunting efforts.

What does this pack do?

Retrieve specific messages from the FireEye ETP portal.
Conduct and perform threat hunting easily and effectively by utilizing the pack playbook or the fireeye-etp-search-messages command.
Analyze and investigate FireEye ETP alerts.
Receive a summary of FireEye ETP alerts.

The FireEye Endpoint Threat Prevention (ETP) integration with Cortex XSIAM streamlines the endpoint security investigation process within an organization and facilitates threat hunting efforts.

What does this pack do?

Retrieve specific messages from the FireEye ETP portal.
Conduct and perform threat hunting easily and effectively by utilizing the pack playbook or the fireeye-etp-search-messages command.
Analyze and investigate FireEye ETP alerts.
Receive a summary of FireEye ETP alerts.

Integrations

Name	Description
FireEye ETP	FireEye Email Threat Prevention (ETP Cloud) is a cloud-based platform that protects against advanced email attacks.

Playbooks

Name	Description
FireEye ETP - Indicators Hunting	This playbook queries FireEye Email Threat Prevention (ETP) for indicators such as domains, IP addresses, sender and recipient email addresses. Separate searches are conducted for each type of indicator in the playbook. Note that multiple search values should be separated by commas only (without spaces or any special characters).

Integrations

Name	Description
FireEye ETP	FireEye Email Threat Prevention (ETP Cloud) is a cloud-based platform that protects against advanced email attacks.
FireEye ETP Event Collector	Use this integration to fetch email security incidents from FireEye ETP as XSIAM events.

Modeling Rules

Name	Description
FireEye ETP Modeling Rule

Playbooks

Name	Description
FireEye ETP - Indicators Hunting	This playbook queries FireEye Email Threat Prevention (ETP) for indicators such as domains, IP addresses, sender and recipient email addresses. Separate searches are conducted for each type of indicator in the playbook. Note that multiple search values should be separated by commas only (without spaces or any special characters).

Required Content Packs (2)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR

Optional Content Packs (0)

Pack Name	Pack By

All level dependencies (3)

Pack Name	Pack By
Cortex REST API	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Base	By: Cortex XSOAR

PUBLISHER

Cortex

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	November 9, 2020
Last Release	February 1, 2024

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.

Integrations

FireEye ETP

Integrations

FireEye ETP

Integrations

FireEye ETP

Integrations

FireEye ETP

Playbooks

FireEye ETP - Indicators Hunting

Integrations

FireEye ETP

PUBLISHER

PLATFORMS

INFO

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER