This article describes the way in which to set up the FireEye (AX Series) integration on Demisto.
Setting up the FireEye Web Services API to work with Demisto:
This section explains what needs to be done to set up a Fire Eye Web Services API for Demisto integration on the FireEye side.
This integration supports AXSeriesWebServicesAPI versions 7.7.0 and up.
To use this integration, you need to have a Fire Eye user account of either api_analyst or api_monitor.
To set up the FireEye Web Services API:
1. On the machine where the FireEye API will run, open the CLI and enter the following:
hostname > enable
hostname # configure terminal
hostname (config) # wsapi enable
2. Make sure that FireEye Web Services API is running ether the following:
The reply should indicate that the Server is ‘enabled’ and in ‘running’ state.
Setting up the integration on Demisto:
1. Go to ‘Settings > Integrations > Servers & Services’
2. Locate the FireEye (AX Series) integration by searching for ‘FireEye’ using the search box on the top of the page.
3. Click ‘Add instance’ to create and configure a new integration. You should configure the following FireEye and Demisto-specific settings:
: A textual name for the integration instance.
Server URL : The hostname or IP address of the FireEye’ application. Make sure the URL is reachable with respect to IP address and port.
Credentials and Password : Your FireEye username and password.
Do not validate server certificate : Select to avoid server certification validation. You may want to do this in case Demisto cannot validate the integration server certificate (due to missing CA certificate)
Use system proxy settings – Mark this option.
Demisto engine : If relevant, select the engine that acts as a proxy to the server.
Engines are used when you need to access a remote network segments and there are network devices such as proxies, firewalls, etc. that prevent the Demisto server from accessing the remote networks.
For more information on Demisto engines see:
Require users to enter additional password: Select whether you’d like an additional step where users are required to authenticate themselves with a password.
4. Press the ‘Test’ button to validate connection.
If you are experiencing issues with the service configuration, please contact Demisto support at firstname.lastname@example.org
5. After completing the test successfully, press the ‘Done’ button.