    FireEye Threat Solutions

    EventLog Analyzer can process log data from FireEye and present it in the form of graphical reports. For EventLog Analyzer to collect log data from FireEye, the FireEye device has to be added as a threat source.

    Steps to add a FireEye threat source:

    Before a FireEye device can be added as a threat source, the syslog service on the FireEye device has to be configured to forward its notifications to the EventLog Analyzer server.

    1. Log in to the FireEye device as an administrator.
    2. Navigate to Settings > Notifications, select rsyslog and the Event type(s) to forward.
    3. Click Add Rsyslog Server.
    4. In the dialog box that opens, enter the EventLog Analyzer server IP address in the given field. Choose UDP as the protocol and CEF (the default) as the format.
    5. Click Save.

    Note that syslog over UDP is sent in clear text, with no delivery confirmation and no authentication of the sender. Keep the path between the FireEye device and the EventLog Analyzer server on the management network, and allow the collector's syslog port only from the FireEye device's address.

    Once the FireEye device has been added as a host in EventLog Analyzer and its syslog data is being received, it then has to be registered as a threat source. This can be done in a few simple steps.

    1. In the EventLog Analyzer console, navigate to Settings > Configurations > Manage Threat Source > Add Source.
    2. Click Existing Host and select the device you added from the list of existing devices.
    3. Select FireEye from the Add-on Type list.
    4. Click Add.

    Once the threat source is added, EventLog Analyzer parses the fields in the incoming FireEye CEF logs. This log data can then be viewed in the form of reports.
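    The two things the procedure above depends on, sending an event as CEF over UDP syslog and parsing the CEF header and extension fields once it arrives, as an added Python example. This is not EventLog Analyzer or FireEye code: the sample event is constructed (its signature ID, name and extension keys are illustrative), and port 514 is an assumed default for the collector's syslog listener, so use whichever port EventLog Analyzer is configured to listen on.

```python
"""Parse FireEye-style CEF events received over syslog/UDP.

Added example, not EventLog Analyzer or FireEye code. The sample event below
is constructed to show the CEF layout the steps above select (CEF over UDP);
its signature ID, name and extension keys are illustrative.
"""
import re
import socket
from typing import Any, Dict, List, Tuple

# The seven pipe-delimited CEF header fields, in order.
CEF_HEADER_FIELDS = ("version", "device_vendor", "device_product",
                     "device_version", "signature_id", "name", "severity")

# Extension keys are alphanumeric and preceded by start-of-string or a space.
_KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_]+)=")

# Escapes valid inside extension values: \\  \=  \|  \r  \n
_EXT_ESCAPE_RE = re.compile(r"\\([\\=|rn])")


def _split_header(body: str) -> Tuple[List[str], str]:
    """Split the 7 header fields, honouring the CEF escapes \\| and \\\\.
    Returns (fields, extension_string)."""
    fields: List[str] = []
    buf: List[str] = []
    i = 0
    while i < len(body) and len(fields) < 7:
        c = body[i]
        if c == "\\" and i + 1 < len(body):     # escaped char: keep next literally
            buf.append(body[i + 1])
            i += 2
            continue
        if c == "|":                            # unescaped pipe ends a field
            fields.append("".join(buf))
            buf = []
            i += 1
            continue
        buf.append(c)
        i += 1
    if len(fields) < 7:
        raise ValueError("malformed CEF header: fewer than 7 fields")
    return fields, body[i:]


def _unescape_ext(value: str) -> str:
    """Undo extension-value escaping (\\= \\\\ \\| \\r \\n)."""
    return _EXT_ESCAPE_RE.sub(
        lambda m: {"r": "\r", "n": "\n"}.get(m.group(1), m.group(1)), value)


def parse_extension(ext: str) -> Dict[str, str]:
    """Parse 'key=value key2=value with spaces ...' into a dict.
    A value runs up to the next ' key=' token, so spaces inside values survive."""
    matches = list(_KEY_RE.finditer(ext))
    out: Dict[str, str] = {}
    for n, m in enumerate(matches):
        end = matches[n + 1].start() if n + 1 < len(matches) else len(ext)
        out[m.group(1)] = _unescape_ext(ext[m.end():end])
    return out


def parse_cef_syslog(line: str) -> Dict[str, Any]:
    """Parse one syslog line carrying a CEF payload.

    Accepts an optional RFC 3164 '<PRI>' prefix and free-form header text
    (timestamp, hostname) before 'CEF:'. Raises ValueError on non-CEF input.
    """
    idx = line.find("CEF:")
    if idx < 0:
        raise ValueError("line carries no CEF payload")
    rec: Dict[str, Any] = {}
    header_start = 0
    pri = re.match(r"<(\d{1,3})>", line)
    if pri:
        code = int(pri.group(1))
        rec["syslog_facility"] = code // 8
        rec["syslog_severity"] = code % 8
        header_start = pri.end()
    rec["syslog_header"] = line[header_start:idx].strip()
    fields, ext = _split_header(line[idx + 4:].rstrip("\r\n"))
    rec.update(zip(CEF_HEADER_FIELDS, fields))
    rec["extension"] = parse_extension(ext.strip())
    return rec


def send_udp_syslog(line: str, host: str, port: int = 514) -> int:
    """Send one syslog line as a single UDP datagram, the transport chosen in
    the steps above. Port 514 is an assumption: use the syslog listener port
    configured in EventLog Analyzer. UDP gives no delivery confirmation, so
    confirm on the collector side that the event arrived."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        return sock.sendto(line.encode("utf-8"), (host, port))


# Constructed sample event (not a captured FireEye log): exercises the PRI
# prefix, a space-containing value and both extension escapes.
SAMPLE_EVENT = (
    "<14>Jan 10 12:34:56 fireeye-nx "
    "CEF:0|FireEye|NX|9.0.0|malware-object|Malware Object|7|"
    r"rt=Jan 10 2024 12:34:55 UTC src=10.0.0.5 dst=203.0.113.7 dpt=443 "
    r"msg=callback to a\=b\\c act=notified"
)

if __name__ == "__main__":
    for key, val in parse_cef_syslog(SAMPLE_EVENT).items():
        print(f"{key}: {val!r}")
```

    Running the script prints the parsed header and extension fields of the constructed event. To check the path from the device to the collector, call send_udp_syslog(SAMPLE_EVENT, "<EventLog Analyzer IP>") from a host on the same network segment as the FireEye device and confirm the event shows up under that host in the EventLog Analyzer console; because UDP gives no acknowledgement, a successful sendto() on its own proves nothing about delivery.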

    The reports provide information on:

    EventLog Analyzer also provides reports that give information on the top:
