FireEye Helix

Searching and Pivoting

Nate Hancock explains how to use FireEye Helix to build basic malware searches using the ‘groupby’ command, and then how to pivot off that information to find sourceIPs.

Intelligence Contribution and Context

Fayyaz Rajpari shares a tip on the intelligence and context that an alert can provide. Using Helix, an intelligence-led platform, an analyst can both provide and receive details on every alert whenever there is intel context available.

Investigative Tips

Fayyaz Rajpari explains how to use FireEye Helix’s Investigative Tips feature to answer the question “Now What?” after receiving an alert from your networked device.

Exporting Data from Helix

Fayyaz Rajpari explains how to use FireEye Helix to export data from your environment so that it may be used for offline analysis and review.

AWS Monitoring with Helix

Fayyaz Rajpari explains how to use FireEye Helix to retrieve API call history using AWS CloudTrail and VPC flow logs in your AWS environment.

Data Source Prioritization in Helix

Todd Bane explains data source prioritization options with your Helix deployment. This will help you and your team maximize the value of the data sources that you feed into Helix.

Self Parsing within Helix

Adam Goff explains self parsing in Helix. Self parsing should be used to extend parsing to cover important unparsed events in Helix.

Tap Sender and Comm Broker on FireEye Network Security

Adam Goff explains TAP Sender and Comm Broker on the FireEye Network Security appliance. Comm Broker and TAP Sender, also known as the Evidence Collector, are valuable tools for collecting events in your environment and getting them to FireEye Helix.
