Searching and Pivoting
Nate Hancock explains how to use FireEye Helix to build basic malware searches using the ‘groupby’ command, and then how to pivot off that information to find source IPs.
Fayyaz Rajpari shares a tip on the intelligence and context that an alert can provide. Using Helix, an intelligence-led platform, an analyst can both provide and receive details on every alert whenever intel context is available.
Fayyaz Rajpari explains how to use FireEye Helix’s Investigative Tips feature to answer the question “Now What?” after receiving an alert from your networked device.
Fayyaz Rajpari explains how to use FireEye Helix to export data from your environment so that it may be used for offline analysis and review.
Fayyaz Rajpari explains how to use FireEye Helix to retrieve API call history using AWS CloudTrail and VPC flow logs in your AWS environment.
Todd Bane explains data source prioritization options with your Helix deployment. This will help you and your team maximize the value of the data sources that you feed into Helix.
Todd Bane demonstrates how to enable the on-prem CMS to send alerts generated by your managed FireEye appliances into Helix.
Adam Goff explains self-parsing in Helix. Self-parsing should be used to extend parsing to cover important events that Helix does not parse by default.
Adam Goff explains metadata streaming in FireEye Helix. This data can be very useful for your IT and security teams.
Adam Goff explains TAP Sender and Comm Broker on the FireEye Network Security appliance. Comm Broker and TAP Sender, also known as the Evidence Collector, are valuable tools for collecting events in your environment and getting them to FireEye Helix.