FireEye NX
App Vendor: FireEye NX
App Category: Network Security
App Version in Orchestrate: 2.0.0
API Version: 1.0.0
About App
The FireEye NX app allows security teams to integrate with the FireEye enterprise application to accurately detect and stop advanced, targeted and evasive attacks in Internet traffic using FireEye alerts and reports.
The FireEye NX app is configured with the CSOL application to perform the following:
Action Name | Description |
---|---|
Fetch alerts | This action retrieves alerts using filters. |
Fetch reports | This action is used to fetch reports from FireEye. |
Request event information | This action requests event information from FireEye. |
Fetch system appliance configuration | This action retrieves system appliance configuration from FireEye. |
Fetch malware artifacts via alert | This action retrieves malware artifacts file using alert ID. |
Fetch malware artifacts data via UUID | This action retrieves malware artifacts data using the UUID. |
Fetch event list configuration | This action retrieves the default event list configuration from FireEye. |
Fetch alert details | This action retrieves alert details using alert ID. |
Acknowledge Alert | This action is used to acknowledge an alert. |
Configuration parameters
The following configuration parameters are required for the FireEye NX app to communicate with the FireEye NX enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required / Optional | Comments |
---|---|---|---|---|
Base URL | Enter the base URL for FireEye NX access. Example: https://<domain.com> | Text | Required | |
Username | Enter the username for endpoint access. | Text | Required | |
Password | Enter the password for endpoint access. | Password | Required | |
Client token | Enter the client token for endpoint access. | Text | Required | |
Port | Enter the port for endpoint access. | Integer | Required | |
SSL verification | Optional preference to either verify or skip the SSL certificate verification for endpoint access. | Boolean | Optional | Allowed values: true, false. By default, the value is false. |
Action: Fetch alerts
This action retrieves alerts using filters.
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
---|---|---|---|---|
Query string | Enter the parameters as query strings for filtering results in the form of key-value pairs. Example: "id": "10" | Key Value | Optional |
Example Request
[ { "params": { "id": "10" } } ]
Action: Fetch reports
This action is used to fetch reports from FireEye.
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
---|---|---|---|---|
Report name | Enter the report name. Example: "Threat Report" | Text | Required | |
Params | Enter the parameters in the form of key-value pairs. Example: "id": "10" | Key Value | Optional | |
Filters | Enter the filters. | Key-Value | Optional | Allowed values: |
Report type | Enter the report type. If the parameter used in filters is "time", then report type is mandatory. Example: "empsEmailActivity" | Text | Optional |
Example Request
[ { "report_name": "Threat Report", "params": { "id": "10" }, "filters": { "id": "11" } } ]
Action: Request event information
This action requests event information from FireEye.
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
---|---|---|---|---|
Params | Enter the parameters in the form of key-value pairs. | Key Value | Optional | Allowed values: |
Example Request
[ { "params": { "event_type": "default" } } ]
Action: Fetch system appliance configuration
This action retrieves system appliance configuration from FireEye.
Input Parameters
No input parameters are required for this action.
Action: Fetch malware artifacts via alert
This action retrieves malware artifacts file using alert ID.
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
---|---|---|---|---|
Alert ID | Enter the alert ID. Example: "23" | Integer | Required | |
Alert type | Enter the alert type. Example: "Sample Alert Type" | Text | Required |
Example Request
[ { "alert_id": "23", "alert_type": "Sample Alert Type" } ]
Action: Fetch malware artifacts data via UUID
This action retrieves malware artifacts data via UUID.
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
---|---|---|---|---|
UUID | Enter the UUID. Example: "0bxxxx0b0-0b0b0b-0b0b-0b0b-0b0xxxxxb" | Text | Required |
Example Request
[ { "uuid": "0b0b0b0b0-0b0b0b-0b0b-0b0b-0b0b0b0b0b" } ]
Action: Fetch event list configuration
This action retrieves the default event list configuration from FireEye.
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
---|---|---|---|---|
Event type | Enter the event type. Example: "Sample Event" | Text | Optional | Default value: |
Example Request
[ { "event_type": "Sample Event" } ]
Action: Fetch alert details
This action retrieves alert details using alert ID.
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
---|---|---|---|---|
Alert ID | Enter the Alert ID. Example: "23" | Integer | Required |
Example Request
[ { "alert_id": "23" } ]
Action: Acknowledge Alert
This action is used to add an acknowledgment to an alert.
Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Alert ID | Enter the unique ID of the alert to acknowledge. Example: "26" | Integer | Optional | |
Annotation | Enter an annotation to better explain the acknowledgment. Example: "Sample Annotation" | Text | Optional | |
Alert Type | Specify the alert type of the alert. Example: "Malware Object" | Text | Optional |
Example Request
{ "alert_id": "26", "annotation": "Sample Annotation", "alert_type": "Malware Object" }
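The following added example (not the app's or FireEye's own code) validates action payloads against the Input Parameters tables above before they are sent, including the Fetch reports rule that a "time" filter makes Report type mandatory, and flags an instance configuration that leaves SSL verification at its default of false. Key names follow the page's example requests; the snake_case action names and the `base_url` / `ssl_verification` config keys are assumed labels.

```python
from typing import Any

# Required input keys per action, taken from the Input Parameters tables above.
# Key names follow the page's example requests; the action names are assumed labels.
REQUIRED_KEYS = {
    "fetch_alerts": (),
    "fetch_reports": ("report_name",),
    "request_event_information": (),
    "fetch_malware_artifacts_via_alert": ("alert_id", "alert_type"),
    "fetch_malware_artifacts_data_via_uuid": ("uuid",),
    "fetch_event_list_configuration": (),
    "fetch_alert_details": ("alert_id",),
    "acknowledge_alert": (),
}


def validate_payload(action: str, payload: dict[str, Any]) -> list[str]:
    """Return the problems found in an action payload; an empty list means it is acceptable."""
    if action not in REQUIRED_KEYS:
        return [f"unknown action: {action}"]
    problems: list[str] = []
    for key in REQUIRED_KEYS[action]:
        if payload.get(key) in ("", None):
            problems.append(f"missing required field: {key}")
    # "params" and "filters" are Key Value fields, so they must be objects.
    for key in ("params", "filters"):
        if key in payload and not isinstance(payload[key], dict):
            problems.append(f"{key} must be a key-value object")
    # Page rule for Fetch reports: a "time" filter makes report_type mandatory.
    filters = payload.get("filters")
    if action == "fetch_reports" and isinstance(filters, dict) and "time" in filters:
        if not payload.get("report_type"):
            problems.append("report_type is mandatory when filters include 'time'")
    # alert_id is an Integer field; the examples pass it as a numeric string such as "23".
    alert_id = payload.get("alert_id")
    if alert_id is not None and not str(alert_id).isdigit():
        problems.append("alert_id must be an integer")
    return problems


def instance_config_warnings(config: dict[str, Any]) -> list[str]:
    """Flag instance settings that weaken transport security; ssl_verification defaults to false."""
    warnings: list[str] = []
    if not config.get("ssl_verification", False):
        warnings.append("ssl_verification is off: the appliance certificate is not checked, "
                        "so the password and client token could be exposed to an interposed host")
    if not str(config.get("base_url", "")).lower().startswith("https://"):
        warnings.append("base_url should use https://")
    return warnings
```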