FireEye Network Security and Forensics Integration

FireEye Network Security and Forensics (NX)

Version: FireEye Network Security and Forensics (NX)

The FireEye Network Security and Forensics (NX) is an effective cyber threat protection solution. It helps organizations minimize the risk of costly breaches by accurately detecting and immediately stopping advanced, targeted and other evasive attacks hiding in Internet traffic.

Netsurion's Open XDR platform integrates with FireEye NX, collects log from FireEye NX and creates detailed reports, alerts, dashboards and saved searches. These attributes of Netsurion's Open XDR platform help users to view the critical and important information on a single platform.

Reports contain a detailed overview of events such as, malware object, indicating the presence of a file attachment with a malicious executable payload. It will also show web infection indicating an outbound connection to a website initiated by a web browser that was determined to be malicious.

Alerts are provided as soon as any critical event is triggered by the FireEye NX. With alerts, users will be able to get notifications about real time occurrences of events such as, suspicious file hash detection, or suspicious web URL detection, and any such activities.

Dashboards will display a graphical overview of all the malwares detected by FireEye NX, or Command and Control server connection, etc. These services will include information such as suspicious source IP address, source port, destination IP address, destination port, anomaly type, malware name, etc.

Once FireEye NX is configured to deliver events to Netsurion Manager, alerts, dashboards, and reports can be configured into Netsurion.

Alerts

Type	Name	Description
Security	FireEye NX - A Command and Control connection has been blocked	This alert is triggered when the FireEye MVX engine detects an established command and control server connection with an endpoint in the network.
Security	FireEye NX - A website with malicious contents has been discovered	This alert is triggered when the FireEye detects a user visited website is infected with malicious contents.
Security	FireEye NX - File attachment with a malicious executable payload detected	This alert is triggered when the FireEye detects a file attachment with a malicious executable payload.

Reports

Type	Name	Description
Security	FireEye NX - Malicious File Detected	This report for FireEye includes events that indicate a file attachment with a malicious executable payload. The report contains the file hash of the malicious payload along with relevant information such as source and destination IP.
Security	FireEye NX - Outbound connections with malicious websites	This report for FireEye includes events indicating a web browser that initiated an outbound connection to a website determined to be malicious. This report contains the infected website URL, along with relevant information such as source and destination IP.
Security	FireEye NX - Successful Command and Control Activities	This report for FireEye includes events that indicate there is an established connection between the infected endpoint and a command and control (CnC) server. This report contains the information on Command and control server IP address and to which system it has connected, i.e. source IP.
Security	FireEye NX - Suspicious Domain match Activities	This report for FireEye includes events that indicate the website domain has been identified as the source of malicious behavior.
Security	FireEye NX - URL pointing to the initial web infection	This report for FireEye includes events that indicate the process of identifying a URL pointing to the initial web infection.

Documentation:

The configuration details are consistent with Netsurion version 9.x and later, and FireEye Network Security and Forensics (NX).

Download Integration Guide and How-to Guide for more information and to configuration instructions.