Helix

Searching and Pivoting

Nate Hancock explains how to use FireEye Helix to build basic malware searches using the ‘groupby’ command and subsequently how to pivot off of that information to find sourceIPs.

Intelligence Contribution and Context

Fayyaz Rajpari shares a tip on the intelligence and context that an alert can provide. Using Helix, an intelligence-led platform, an analyst can both provide and receive details on every alert whenever intel context is available.

Investigative Tips

Fayyaz Rajpari explains how to use FireEye Helix’s Investigative Tips feature to answer the question “Now What?” after receiving an alert from your networked device.

Exporting Data from Helix

Fayyaz Rajpari explains how to use FireEye Helix to export data from your environment so that it may be used for offline analysis and review.

AWS Monitoring with Helix

Fayyaz Rajpari explains how to use FireEye Helix to retrieve API call history using AWS CloudTrail and VPC flow logs in your AWS environment.

Data Source Prioritization in Helix

Todd Bane explains data source prioritization options with your Helix deployment. This will help you and your team maximize the value of the data sources that you feed into Helix.

Feeding Metadata & Third Party Log Event Information

Todd Bane demonstrates how to enable the evidence collector and comm broker features on the FireEye NX appliance in order to feed metadata and third-party log event information into your Helix instance.

Self Parsing within Helix

Adam Goff explains self parsing in Helix. Self parsing should be used to extend parsing to cover important unparsed events in Helix.
