FireEye Threat Solutions
EventLog Analyzer can collect and parse log data from FireEye appliances and present it as graphical reports. Before it can collect FireEye logs, the FireEye device has to be added as a threat source.
Steps to add a FireEye threat source:
First, configure syslog forwarding on the FireEye device so that it sends its alerts to EventLog Analyzer.
- Login to the FireEye device as an administrator.
- Navigate to Settings > Notifications, select rsyslog and the event type to be forwarded.
- Click Add Rsyslog Server.
- In the dialog box that opens, enter the EventLog Analyzer server IP address in the given field. Choose UDP as the protocol and CEF (the default) as the format. Note that syslog over UDP is unencrypted and unauthenticated, so route it over a trusted management network.
- Click on Save.
Once the FireEye device is present as a host in EventLog Analyzer, register it as a threat source:
- In the EventLog Analyzer console, navigate to Settings > Configurations > Manage Threat Source > Add Source.
- Click on Existing Host and select the device you had added from the list of existing devices.
- Select FireEye from the Add-on Type list.
- Click on Add.
Once the threat source is added, EventLog Analyzer parses the fields in the incoming CEF logs, and the data can be viewed as reports.
The reports provide information on:
- Domain matches
- Malware infections
- Callbacks
- Malware objects
- Web infections
EventLog Analyzer also provides reports on the top:
- Severities
- Source IPs of infections
- Target IPs
- Target ports
- Malware
- Active sensors
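As an added example that is not EventLog Analyzer's or FireEye's own code, the following Python script parses FireEye-style CEF alerts as they would arrive over the syslog feed configured above and computes the same "top N" views as the reports listed here (severities, source and target IPs, target ports, malware names, active sensors). It is useful for checking a capture or archive of the feed before or after the threat source is added: it honours CEF's escaping rules and skips non-CEF lines, so it distinguishes "nothing arrived" from "something arrived but was not CEF". The sample syslog lines are constructed, and the extension keys used (src, dst, dpt, dvchost, cs1Label=sname for the malware name) are assumed, general CEF conventions rather than FireEye's documented field list.

```python
"""Parse FireEye-style CEF alerts received over syslog and build the 'top N'
summaries this page's reports describe. Added example, not EventLog Analyzer's
or FireEye's own code. Sample lines are constructed; the extension keys used
(src, dst, dpt, dvchost, cs1Label=sname for the malware name) follow general
CEF conventions and are an assumption about the exact layout FireEye emits."""
import re
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample syslog lines: one CEF alert per report type named on this
# page, plus a non-CEF line that the parser must skip rather than crash on.
SAMPLE_SYSLOG = r"""
<14>Mar 10 12:00:01 fireeye-01 fenotify: CEF:0|FireEye|MPS|7.9.0|MC|malware-callback|10|rt=Mar 10 2024 12:00:01 UTC src=10.1.2.3 spt=50321 dst=198.51.100.7 dpt=443 cs1Label=sname cs1=Trojan.Generic.Callback dvchost=fireeye-01 dvc=10.0.0.5 act=notified externalId=1001
<14>Mar 10 12:00:05 fireeye-01 fenotify: CEF:0|FireEye|MPS|7.9.0|DM|domain-match|7|rt=Mar 10 2024 12:00:05 UTC src=10.1.2.3 spt=51000 dst=203.0.113.9 dpt=53 cs1Label=sname cs1=Malicious.Domain dvchost=fireeye-01 dvc=10.0.0.5 act=notified externalId=1002
<14>Mar 10 12:01:10 fireeye-02 fenotify: CEF:0|FireEye|MPS|7.9.0|MO|malware-object|8|rt=Mar 10 2024 12:01:10 UTC src=10.1.2.20 spt=49152 dst=203.0.113.9 dpt=80 cs1Label=sname cs1=Exploit.PDF fname=invoice.pdf dvchost=fireeye-02 dvc=10.0.0.6 act=notified externalId=2001
<14>Mar 10 12:02:00 fireeye-02 fenotify: CEF:0|FireEye|MPS|7.9.0|IM|infection-match|10|rt=Mar 10 2024 12:02:00 UTC src=10.1.2.3 spt=52222 dst=203.0.113.45 dpt=443 cs1Label=sname cs1=Trojan.Generic.Callback dvchost=fireeye-02 dvc=10.0.0.6 act=notified externalId=2002
<14>Mar 10 12:03:30 fireeye-01 fenotify: CEF:0|FireEye|MPS|7.9.0|WI|web-infection|6|rt=Mar 10 2024 12:03:30 UTC src=10.1.2.31 spt=53001 dst=198.51.100.7 dpt=80 cs1Label=sname cs1=Exploit.Browser request=http://example.test/path?a\=1 dvchost=fireeye-01 dvc=10.0.0.5 act=notified externalId=1003
<14>Mar 10 12:04:00 fireeye-01 fenotify: heartbeat ok
"""

# The extension is 'key=value' pairs separated by spaces; '=' inside a value is
# escaped as '\=' and '\' as '\\', so a value runs until the next ' key='.
_KV_RE = re.compile(r"(\w+)=((?:\\.|[^\\])*?)(?=\s+\w+=|\s*$)")
_ESCAPES = {"n": "\n", "r": "\r"}

def unescape(value: str) -> str:
    # Drop the escaping backslash; '\n' and '\r' become real line breaks.
    return re.sub(r"\\(.)", lambda m: _ESCAPES.get(m.group(1), m.group(1)), value)

def split_header(cef: str) -> List[str]:
    """Split the seven pipe-delimited header fields (honouring '\\|' escapes) and
    return them plus the extension, i.e. everything after the seventh pipe."""
    fields, buf, i = [], [], 0
    while i < len(cef) and len(fields) < 7:
        if cef[i] == "\\" and i + 1 < len(cef):   # escaped pipe or backslash
            buf.append(cef[i + 1])
            i += 1
        elif cef[i] == "|":
            fields.append("".join(buf))
            buf = []
        else:
            buf.append(cef[i])
        i += 1
    fields.append(cef[i:])
    return fields

def parse_extension(ext: str) -> Dict[str, str]:
    """Key/value dict; custom-field labels are resolved so that
    'cs1Label=sname cs1=X' also yields sname=X for the reports."""
    pairs = {k: unescape(v) for k, v in _KV_RE.findall(ext)}
    for key, label in list(pairs.items()):
        m = re.fullmatch(r"(c[sn]\d+)Label", key)
        if m and m.group(1) in pairs:
            pairs[label] = pairs[m.group(1)]
    return pairs

def parse_cef(line: str) -> Dict:
    """Parse one syslog line carrying a CEF record; ValueError if it is not CEF."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("not a CEF line")
    f = split_header(line[start:])
    if len(f) != 8 or not f[6].isdigit():          # need all seven header fields
        raise ValueError("malformed CEF header")
    return {"vendor": f[1], "product": f[2], "device_version": f[3], "sig_id": f[4],
            "name": f[5], "severity": int(f[6]), "ext": parse_extension(f[7])}

def parse_feed(text: str) -> Tuple[List[Dict], int]:
    """Parse a captured feed line by line; returns (events, lines skipped)."""
    events, skipped = [], 0
    for line in filter(None, (ln.strip() for ln in text.splitlines())):
        try:
            events.append(parse_cef(line))
        except ValueError:
            skipped += 1
    return events, skipped

def summarize(events: List[Dict], top: int = 5) -> Dict[str, List[Tuple]]:
    """The 'top N' report views listed on this page, as (value, count) lists."""
    def top_of(values):
        return Counter(v for v in values if v is not None).most_common(top)
    return {
        "alert_types": top_of(e["sig_id"] for e in events),
        "severities": top_of(e["severity"] for e in events),
        "source_ips": top_of(e["ext"].get("src") for e in events),
        "target_ips": top_of(e["ext"].get("dst") for e in events),
        "target_ports": top_of(e["ext"].get("dpt") for e in events),
        "malware": top_of(e["ext"].get("sname") for e in events),
        "sensors": top_of(e["ext"].get("dvchost") for e in events),
    }

if __name__ == "__main__":
    evts, skipped = parse_feed(SAMPLE_SYSLOG)
    print(f"parsed {len(evts)} CEF events, skipped {skipped} non-CEF line(s)")
    for view, rows in summarize(evts).items():
        print(f"{view:13s} {rows}")
```

To run it against a real feed, replace SAMPLE_SYSLOG with the text of a syslog capture taken on the EventLog Analyzer host; a non-zero skipped count with zero events means the appliance is reaching the server but is not sending CEF, which usually points back to the format setting in the rsyslog notification step.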