FireEye (AX Series)

This article describes how to set up the FireEye (AX Series) integration on Demisto.

Setting up the FireEye Web Services API to work with Demisto:

This section explains what needs to be done on the FireEye side to set up the FireEye Web Services API for the Demisto integration.

This integration supports AXSeriesWebServicesAPI versions 7.7.0 and up.

To use this integration, you need to have a FireEye user account of either api_analyst or api_monitor.

To set up the FireEye Web Services API:

1. On the machine where the FireEye API will run, open the CLI and enter the following:

hostname > enable

hostname # configure terminal

hostname (config) # wsapi enable

2. Make sure that the FireEye Web Services API is running by entering the following:

hostname (config) # show wsapi

The reply should indicate that the Server is ‘enabled’ and in ‘running’ state.

Setting up the integration on Demisto:

1. Go to ‘Settings > Integrations > Servers & Services’

2. Locate the FireEye (AX Series) integration by searching for ‘FireEye’ using the search box at the top of the page.

3. Click ‘Add instance’ to create and configure a new integration. You should configure the following FireEye and Demisto-specific settings:

Name : A textual name for the integration instance.
Server URL : The hostname or IP address of the FireEye application. Make sure the URL is reachable with respect to IP address and port.
Credentials and Password : Your FireEye username and password.
Do not validate server certificate : Select to skip server certificate validation. You may want to do this if Demisto cannot validate the integration server certificate (due to a missing CA certificate).
Use system proxy settings : Mark this option.
Demisto engine : If relevant, select the engine that acts as a proxy to the server.
Engines are used when you need to access remote network segments and there are network devices such as proxies, firewalls, etc. that prevent the Demisto server from accessing the remote networks.

For more information on Demisto engines see:
https://demisto.zendesk.com/hc/en-us/articles/226274727-Settings-Integrations-Engines
Require users to enter additional password: Select whether you’d like an additional step where users are required to authenticate themselves with a password.

4. Press the ‘Test’ button to validate the connection.
If you are experiencing issues with the service configuration, please contact Demisto support at support@demisto.com.

5. After completing the test successfully, press the ‘Done’ button.

Commands:

fe-alert - View existing FireEye alerts. See the FireEye Web Services API Guide for details
fe-config - Configuration commands. See the FireEye Web Services API Guide for details
fe-report - Return a requested report
fe-submit - Submit a malware object for analysis by FireEye
fe-submit-result - Submission key of the submission
fe-submit-status - Get a status for a malware object submitted to FireEye analysis
fe-submit-url - Submit a URL to FireEye for analysis
fe-submit-url-status - Get the status of a URL submitted to FireEye for analysis