FireEye Endpoint Security is an integrated solution that detects and protects endpoints against known and unknown threats. This integration provides access to information about endpoints, acquisitions, alerts, indicators, and containment. You can extract critical data and effectively operate the security operations automated playbook.
FireEye HX
Details
FireEye Endpoint Security is an integrated solution that detects and protects endpoints against known and unknown threats. The FireEye HX Cortex XSOAR integration provides access to information about endpoints, acquisitions, alerts, indicators, and containment. Customers can extract critical data and effectively operate the security operations automated playbooks.
Content

Classifiers
Name | Description |
---|---|
FireEye HX Alert | |
FireEye HX - Incoming Mapper | |

Incident Types
Name | Description |
---|---|
FireEye HX Alert | |

Incident Fields
Name | Description |
---|---|
FireEye HX Event Info | |
FireEye HX Agent Containment State | |

Modeling Rules
Name | Description |
---|---|
FireEye HX Modeling Rule | |

Integrations
Name | Description |
---|---|
FireEye HX Event Collector | Palo Alto Networks FireEye HX Event Collector integration for XSIAM. |
FireEye Endpoint Security (HX) v2 | FireEye Endpoint Security is an integrated solution that detects and protects endpoints against known and unknown threats. This integration provides access to information about endpoints, acquisitions, alerts, indicators, and containment. You can extract critical data and effectively operate the security operations automated playbooks. |
FireEye HX (Deprecated) | Deprecated. Use FireEyeHX v2 instead. |

Playbooks
Name | Description |
---|---|
FireEye HX - Unisolate Endpoint | This playbook unisolates endpoints according to the hostname/endpoint ID provided as a playbook input. |
FireEye HX - Indicators Hunting | This playbook facilitates threat hunting and detection of IOCs within FireEye Endpoint Security (HX) utilizing three sub-playbooks. The sub-playbooks query FireEye HX for different indicators, including file, traffic, and execution flow indicators. Note that multiple search values should be separated by commas only (without spaces or any special characters). Supported IOCs for this playbook: |
FireEye HX - File Indicators Hunting | This playbook queries FireEye Endpoint Security (HX) for file indicators, including MD5 hashes, SHA256 hashes, SHA1 hashes, file names, file paths, and file types. Note that multiple search values should be separated by commas only (without spaces or any special characters). |
FireEye HX - Traffic Indicators Hunting | This playbook queries FireEye Endpoint Security (HX) for traffic indicators, including IP addresses, URLs, domains, and ports. Note that multiple search values should be separated by commas only (without spaces or any special characters). |
FireEye HX - Execution Flow Indicators Hunting | This playbook queries FireEye Endpoint Security (HX) for execution flow indicators, including process names, registry keys, registry values, and applications. Note that multiple search values should be separated by commas only (without spaces or any special characters). |
FireEye HX - Isolate Endpoint | This playbook automatically isolates endpoints by the endpoint ID provided as a playbook input. |
Dependencies

Pack Name | Pack By |
---|---|
Base | By: Cortex XSOAR |
Common Scripts | By: Cortex XSOAR |

Pack Name | Pack By |
---|---|
Common Types | By: Cortex XSOAR |
FireEye Common Fields | By: Cortex XSOAR |

Pack Name | Pack By |
---|---|
Common Scripts | By: Cortex XSOAR |
Cortex REST API | By: Cortex XSOAR |
MITRE ATT&CK | By: Cortex XSOAR |
Version History

Integrations
FireEye Endpoint Security (HX) v2
- Fixed an issue where the fetch-incidents command would not fetch more than 50 incidents at a time.
- Fixed an issue where the fireeye-hx-file-acquisition command failed due to a timeout. Updated the timeout to 30 minutes (previously 10 minutes).
- Updated the Docker image to: demisto/python3:3.10.10.48392.
- 24663
- 23716

Playbooks
New: FireEye HX - Indicators Hunting
Created a new comprehensive playbook that facilitates threat hunting and detection of IOCs within FireEye Endpoint Security (HX) utilizing three sub-playbooks. The sub-playbooks query FireEye HX for different indicators, including file, traffic, and execution flow indicators.
New: FireEye HX - Execution Flow Indicators Hunting
Created a new playbook for threat hunting and detection of execution flow indicators, including process names, registry keys, registry values, and applications.
New: FireEye HX - File Indicators Hunting
Created a new playbook for threat hunting and detection of file indicators, including MD5 hashes, SHA256 hashes, SHA1 hashes, file names, file paths, and file types.
New: FireEye HX - Traffic Indicators Hunting
Created a new playbook for threat hunting and detection of traffic indicators, including IP addresses, URLs, domains, and ports.
- 23753

Integrations
FireEye HX (Deprecated)
Deprecated the FireEye HX integration. Use FireEye Endpoint Security (HX) v2 instead.
FireEye Endpoint Security (HX) v2
Added new commands:
- fireeye-hx-delete-host-set
- fireeye-hx-create-host-set-static
- fireeye-hx-update-host-set-static
- fireeye-hx-create-host-set-dynamic
- fireeye-hx-update-host-set-dynamic
Playbooks
FireEye HX - Isolate Endpoint
- Updated the test playbook for this playbook.
FireEye HX - Unisolate Endpoint
- Updated the test playbook for this playbook.
- 19942
Info
Certification | Certified |
Supported By | Cortex |
Created | June 30, 2020 |
Last Release | May 2, 2023 |