FireEye HX

FireEye Endpoint Security is an integrated solution that detects and protects endpoints against known and unknown threats. This integration provides access to information about endpoints, acquisitions, alerts, indicators, and containment. You can extract critical data and effectively operate the security operations automated playbook.

Deprecated. Use FireEyeHX v2 instead.

This playbook unisolates endpoints according to the hostname/endpoint ID that is provided by the playbook input.

This playbook facilitates threat hunting and detection of IOCs within FireEye Endpoint Security (HX) utilizing three sub-playbooks. The sub-playbooks query FireEye HX for different indicators including files, traffic, and execution flow indicators.

Note that multiple search values should be separated by commas only (without spaces or any special characters).

Supported IOCs for this playbook:

• MD5
• SHA1
• SHA256
• IP Address
• URLDomain
• Registry Value
• Registry Key
• File Name
• Process Name
• Port Number
• File Path
• FileType

This playbook queries FireEye Endpoint Security (HX) for file indicators, including MD5 hashes, SHA256 hashes, SHA1 hashes, file names, file paths, and file types.

Note that multiple search values should be separated by commas only (without spaces or any special characters).

This playbook queries FireEye Endpoint Security (HX) for traffic indicators, including IP addresses, URLs, domains, and ports.

Note that multiple search values should be separated by commas only (without spaces or any special characters).

This playbook queries FireEye Endpoint Security (HX) for execution flow indicators, including processes name, registry keys, registry values, and applications.

Note that multiple search values should be separated by commas only (without spaces or any special characters).

This playbook will auto isolate endpoints by the endpoint ID that was provided in the playbook.

Palo Alto Networks FireEye HX Event Collector integration for XSIAM.

FireEye Endpoint Security is an integrated solution that detects and protects endpoints against known and unknown threats. This integration provides access to information about endpoints, acquisitions, alerts, indicators, and containment. You can extract critical data and effectively operate the security operations automated playbook.

Deprecated. Use FireEyeHX v2 instead.

This playbook unisolates endpoints according to the hostname/endpoint ID that is provided by the playbook input.

This playbook facilitates threat hunting and detection of IOCs within FireEye Endpoint Security (HX) utilizing three sub-playbooks. The sub-playbooks query FireEye HX for different indicators including files, traffic, and execution flow indicators.

Note that multiple search values should be separated by commas only (without spaces or any special characters).

Supported IOCs for this playbook:

• MD5
• SHA1
• SHA256
• IP Address
• URLDomain
• Registry Value
• Registry Key
• File Name
• Process Name
• Port Number
• File Path
• FileType

This playbook queries FireEye Endpoint Security (HX) for file indicators, including MD5 hashes, SHA256 hashes, SHA1 hashes, file names, file paths, and file types.

Note that multiple search values should be separated by commas only (without spaces or any special characters).

This playbook queries FireEye Endpoint Security (HX) for traffic indicators, including IP addresses, URLs, domains, and ports.

Note that multiple search values should be separated by commas only (without spaces or any special characters).

This playbook queries FireEye Endpoint Security (HX) for execution flow indicators, including processes name, registry keys, registry values, and applications.

Note that multiple search values should be separated by commas only (without spaces or any special characters).

This playbook will auto isolate endpoints by the endpoint ID that was provided in the playbook.