Skip to main content

FireEye HX

Download With Dependencies

FireEye Endpoint Security is an integrated solution that detects and protects endpoints against known and unknown threats. The FireEye HX Cortex XSOAR integration provides access to information about endpoints, acquisitions, alerts, indicators, and containment. Customers can extract critical data and effectively operate the security operations automated playbooks.

FireEye HX

This pack includes Cortex XSIAM content.

Configuration on Server Side

Raw syslog audit messages

In order to configure FireEye HX to send syslog audit logs, refer to FireEye HX Endpoint Security Server System Administration Guide (Configuring a Syslog Server Using the CLI).
Make sure to configure the syslog timestamp format to be RFC-3339 UTC.

CEF format logs

In order to configure FireEye HX to send CEF logs, refer to FireEye HX Endpoint Security Server System Administration Guide.

For further assistant, contact the tech support of FireEye HX.

Collect Events from Vendor

In order to use the collector, use the Broker VM option.

Broker VM

To create or configure the Broker VM, use the information described here.

You can configure the specific vendor and product for this instance.

  1. Navigate to Settings > Configuration > Data Broker > Broker VMs.
  2. Go to the apps tab and add the Syslog app. If it already exists, click the Syslog app and then click Configure.
  3. Click Add New.
  4. When configuring the Syslog Collector, set the following values:
    • vendor as fireeye
    • product as hx_audit
    • format as Auto-Detect
    • protocol as UDP

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

CertificationRead more
Supported ByCortex
CreatedJune 30, 2020
Last ReleaseDecember 18, 2024
WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.