FireEye Helix

Ron Keyston discusses case management in Helix in which he reviews how to create a case, the features available in case management and the ability that Helix has to record revision and case note history within the tool.

Nate Hancock shares ways to find malware on a network using MQL (Mandiant Query Language), how to search for event data in Helix and how to customize those searches using MQL.

Nate Hancock explains that although unknown event data in Helix is common, in significantly small percentages, it’s not usually something to worry about and not necessarily a bad thing.

Chris Schreiber shares how a user can utilize the custom dashboard feature in FireEye Helix to build a report about alerts in an environment over time to better manage reporting.

Nate Hancock shares how to edit cases in FireEye Helix to better organize documentation and investigations on a supported network.

Ron Keyston shares how to filter out noise in a Helix environment and focus on alerts that matter using Rule Query Tuning and Alert Volume Management.

Ron Keyston explains how to use the FireEye Helix Operational Dashboard to monitor the health and status of the appliances connected to your Helix environment along with the data flowing into it.

Chris Schreiber uses FireEye Helix’s analytics modules to hunt for weak indicators in an environment to suss out potentially compromised user accounts.

Nate Hancock uses FireEye Helix to illustrate how correct parsing of raw message data from the NX log can lead to successful searches within your environment.

Nate Hancock uses FireEye Helix to share some valuable MQL malware searches such as com broker, cloud collector or a ‘groupby’ search to find event data.