Tips and Insights

Our Tips and Insights videos showcase some of our favorite FireEye product features and workflows, usually in five minutes or less.

Advanced Features of the FireEye Health Check Tool

Sarah Cox demonstrates advanced FireEye Health Check Tool configurations, including how to create a configuration file with encrypted password information, how to run a health check in silent mode, and how to run the tool automatically using tasks or CRON jobs.

Archive Search

Fayyaz Rajpari shares a tip on how to use FireEye Helix to search for data in your system that is beyond the normal indexing period of 16 days.

AWS Monitoring with Helix

Fayyaz Rajpari explains how to use FireEye Helix to retrieve API call history using AWS CloudTrail and VPC flow logs in your AWS environment.

Building Custom Dashboards

Chris Schreiber shares how a user can utilize the custom dashboard feature in FireEye Helix to build a report about alerts in an environment over time to better manage reporting.

Create and Manage Host Sets

Dan Faltisco describes how to create and manage host sets within FireEye Endpoint. This is helpful when managing different systems in your environment.

Creating Multi-Stage Rules

Mike Olsen explains how to create multi-stage rules in FireEye Helix. Multi-stage rules trigger alerts of a possible compromise when a sequence of events occurs.

Data Source Prioritization in Helix

Todd Bane explains data source prioritization options with your Helix deployment. This will help you and your team maximize the value of the data sources that you feed into Helix.

Editing a Case in Helix

Nate Hancock shares how to edit cases in FireEye Helix to better organize documentation and investigations on a supported network.

Endpoint Custom Login Banners

Matt Beyhl explains how to create logon banners for FireEye’s Endpoint Security system. These banners enable administrators to display custom messages which will be seen by the user during the login process.

Endpoint Triage

Jason Forcht explains how to read a FireEye Endpoint triage report. These reports allow a security analyst to easily investigate a possible compromise.

Event Data and Parsing

Nate Hancock uses FireEye Helix to illustrate how correct parsing of raw message data from the NX log can lead to successful searches within your environment.

Exporting Data from Helix

Fayyaz Rajpari explains how to use FireEye Helix to export data from your environment so that it may be used for offline analysis and review.

Feeding Metadata & Third Party Log Event Information

Todd Bane demonstrates how to enable the evidence collector and comm broker features on the FireEye NX appliance in order to feed in metadata and third party log event information into your Helix instance.

FSO Queue Plugin Overview

Richard Ignacio gives a brief overview of the queue plugin for the FireEye Security Orchestrator (FSO).

Gathering Information to Report False Negatives

Nate Hancock explains that false negatives may indicate a threat inside your network. Identifying and reporting them can resolve these issues, and gathering the appropriate information can expedite the resolution process.

Helix Case Management

Ron Keyston discusses case management in Helix, reviewing how to create a case, the features available in case management, and Helix's ability to record revision and case note history within the tool.

Helix Operational Dashboard

Ron Keyston explains how to use the FireEye Helix Operational Dashboard to monitor the health and status of the appliances connected to your Helix environment along with the data flowing into it.

Hunting for Weak Indicators

Chris Schreiber uses FireEye Helix’s analytics modules to hunt for weak indicators in an environment to suss out potentially compromised user accounts.

HX Rule Creation

Steve Woodward explains how to use the FireEye HX tool to create advanced rules.

Intelligence Contribution and Context

Fayyaz Rajpari shares a tip on the intelligence and context that an alert can provide. Using Helix, an intelligence-led platform, an analyst can both provide and receive details on every alert whenever intel context is available.

Intro to Helix API

Bryon Wolcott introduces you to the Helix API, which allows you to quickly and systematically pull data out of Helix into other applications.

Investigative Tips

Fayyaz Rajpari explains how to use FireEye Helix’s Investigative Tips feature to answer the question “Now What?” after receiving an alert from your networked device.

MQL Introduction

Nate Hancock shares ways to find malware on a network using MQL (Mandiant Query Language), how to search for event data in Helix and how to customize those searches using MQL.

Overview of FSO Plugins

Mohammad Anwar gives a brief overview of the plugins for the FireEye Security Orchestrator product, including a description of what plugins are, how to install them, and configure them for use in FSO.

Overview of Helix Subsearch

Bryon Wolcott demonstrates Helix’s subsearch feature, which allows you to run a query and then use those results in another query.

Reviewing Endpoint Alerts

Jason Forcht provides insight into a FireEye Endpoint alert to help you better understand what you’re seeing in the FireEye Endpoint console.

Reviewing Endpoint Security Logs

Jim Coyle describes how to obtain Endpoint Security logs, search them for errors, and request a download of the agent diagnostics in the event you ever need to do some troubleshooting.

Searching Alerts

Chris Schreiber talks about how to search within the Helix environment to look at alerts over a longer period of time and dive deeper into the details of an alert using the Helix console.

Searching and Pivoting

Nate Hancock explains how to use FireEye Helix to build basic malware searches using the ‘groupby’ command and then how to pivot off of that information to find source IPs.

Self Parsing within Helix

Adam Goff explains self parsing in Helix. Self parsing should be used for extending parsing to cover important unparsed events in Helix.

Tap Sender and Comm Broker on FireEye Network Security

Adam Goff explains TAP Sender and Comm Broker on the FireEye Network Security appliance. Comm Broker and TAP Sender (also known as the Evidence Collector) are valuable tools for collecting events in your environment and getting them to FireEye Helix.

Tuning Rule Queries

Ron Keyston shares how to filter out noise in a Helix environment and focus on alerts that matter using Rule Query Tuning and Alert Volume Management.

Understanding Unknown Event Data

Nate Hancock explains that unknown event data in Helix is common and that, in small percentages, it’s not usually something to worry about and not necessarily a bad thing.

Updating Licenses

Dan Smithson reviews the license update process for FireEye appliances.

Valuable MQL Searches

Nate Hancock uses FireEye Helix to share some valuable MQL malware searches, such as comm broker, cloud collector, or a ‘groupby’ search to find event data.
