FireEye Network Security and Forensics (NX)
Version: FireEye Network Security and Forensics (NX)
FireEye Network Security and Forensics (NX) is an effective cyber threat protection solution. It helps organizations minimize the risk of costly breaches by accurately detecting and immediately stopping advanced, targeted and other evasive attacks hiding in Internet traffic.
Netsurion Open XDR integrates with FireEye NX, collects logs from FireEye NX and creates detailed reports, alerts, dashboards and saved searches. These attributes of Netsurion Open XDR help users view the critical and important information on a single platform.
Reports contain a detailed overview of events such as malware objects, which indicate the presence of a file attachment with a malicious executable payload. They also show web infections, which indicate an outbound connection to a website, initiated by a web browser, that was determined to be malicious.
Alerts are provided as soon as any critical event is triggered by FireEye NX. With alerts, users get notifications about real-time occurrences of events such as suspicious file hash detection, suspicious web URL detection, and any such activities.
Dashboards display a graphical overview of all the malware detected by FireEye NX, Command and Control server connections, etc. These include information such as suspicious source IP address, source port, destination IP address, destination port, anomaly type, malware name, etc.
Once FireEye NX is configured to deliver events to Netsurion Open XDR Manager, alerts, dashboards, and reports can be configured in Netsurion Open XDR.
The following are the key Data Source Integrations available in Netsurion Open XDR.
Alerts
Type | Name | Description |
---|---|---|
Security | FireEye NX – A Command and Control connection has been blocked | This alert is triggered when the FireEye MVX engine detects an established command and control server connection with an endpoint in the network. |
Security | FireEye NX – A website with malicious contents has been discovered | This alert is triggered when FireEye detects that a website visited by a user is infected with malicious content. |
Security | FireEye NX – File attachment with a malicious executable payload detected | This alert is triggered when FireEye detects a file attachment with a malicious executable payload. |
Reports
Type | Name | Description |
---|---|---|
Security | FireEye NX – Malicious File Detected | This report for FireEye includes events that indicate a file attachment with a malicious executable payload. The report contains the file hash of the malicious payload along with relevant information such as source and destination IP. |
Security | FireEye NX – Outbound connections with malicious websites | This report for FireEye includes events indicating a web browser that initiated an outbound connection to a website determined to be malicious. This report contains the infected website URL, along with relevant information such as source and destination IP. |
Security | FireEye NX – Successful Command and Control Activities | This report for FireEye includes events that indicate there is an established connection between the infected endpoint and a command and control (CnC) server. This report contains the command and control server IP address and the system it has connected to, i.e. the source IP. |
Security | FireEye NX – Suspicious Domain match Activities | This report for FireEye includes events that indicate the website domain has been identified as the source of malicious behavior. |
Security | FireEye NX – URL pointing to the initial web infection | This report for FireEye includes events that indicate the process of identifying a URL pointing to the initial web infection. |
Documentation:
The configuration details are consistent with Netsurion Open XDR 9.x and later, and FireEye Network Security and Forensics (NX).
Download the Integration Guide and How-to Guide for configuration instructions and more information.