Our Tips and Insights videos showcase some of our favorite FireEye product features and workflows, usually in five minutes or less.
Bryon Wolcott explains how to access the Helix API with PowerShell or other scripting languages to interact with Helix.
Richard Ignacio demonstrates how to add items to the queue within the FireEye Security Orchestrator (FSO) queue plugin.
Sarah Cox demonstrates advanced FireEye Health Check Tool configurations, including how to create a configuration file with encrypted password information, how to run a health check in silent mode, and how to run the tool automatically using tasks or CRON jobs.
Fayyaz Rajpari shares a tip on how to use FireEye Helix to search for data in your system that is beyond the normal indexing period of 16 days.
Fayyaz Rajpari explains how to use FireEye Helix to retrieve API call history using AWS CloudTrail and VPC flow logs in your AWS environment.
Chris Schreiber shares how a user can utilize the custom dashboard feature in FireEye Helix to build a report about alerts in an environment over time to better manage reporting.
Steve Woodward compares the functionality and data return of the Helix Cloud Collector to that of the new Evidence Collector feature.
Nate Hancock demonstrates how to configure the home net variable within FireEye’s Network Security system.
Todd Bane demonstrates how to enable the on-prem CMS to send in alerts generated by your managed FireEye appliances into Helix.
Dan Faltisco explains how to contain a possibly compromised host within FireEye Endpoint Security.
Dan Faltisco describes how to create and manage host sets within FireEye Endpoint. This is helpful when managing different systems in your environment.
Mike Olsen explains how to create multi-stage rules in FireEye Helix. Multi-stage rules trigger alerts of a possible compromise when a sequence of events occurs.
Mohammad Anwar gives a brief overview of custom scripts that can be used in the FireEye Security Orchestrator (FSO).
Todd Bane explains data source prioritization options with your Helix deployment. This will help you and your team maximize the value of the data sources that you feed into Helix.
Mohammad Anwar gives a brief overview of devices for FireEye Security Orchestrator (FSO).
Nate Hancock shares how to edit cases in FireEye Helix to better organize documentation and investigations on a supported network.
Dan Smithson explains the configuration of e-mail alerts across FireEye’s Helix platform.
Adam Goff explains metadata streaming in FireEye Helix. This data can be very useful for your I.T. and security teams.
Matt Beyhl demonstrates how to perform a health check on a FireEye Email Security appliance.
Jim Coyle demonstrates how to enhance your security operations by enabling FireEye’s Advanced URL Defense feature.
Matt Beyhl explains how to create logon banners for FireEye’s Endpoint Security system. These banners enable administrators to display custom messages which will be seen by the user during the login process.
Jason Forcht explains how to read a FireEye Endpoint triage report. These reports allow a security analyst to easily investigate a possible compromise.
Nate Hancock uses FireEye Helix to illustrate how correct parsing of raw message data from the NX log can lead to successful searches within your environment.
Todd Bane explains the capabilities of the FireEye Security Orchestrator (FSO) VirusTotal plugin.
Fayyaz Rajpari explains how to use FireEye Helix to export data from your environment so that it may be used for offline analysis and review.
Todd Bane demonstrates how to enable the Evidence Collector and Comm Broker features on the FireEye NX appliance in order to feed metadata and third-party log event information into your Helix instance.
Omead Ahdieh discusses five different ways to clear disk space on an NX appliance to prepare for guest images and OS update installs.
Richard Ignacio gives a brief overview of the queue plugin for the FireEye Security Orchestrator (FSO).
Nate Hancock explains that false negatives may indicate a threat inside your network. Identifying and reporting them can resolve these issues, and gathering the appropriate information can expedite the resolution process.
Nate Hancock demonstrates how to gather information for reporting a false positive to FireEye Support.
Steve Woodward demonstrates how to get started with the SmartVision feature of FireEye’s Network Security system.
Ron Keyston discusses case management in Helix in which he reviews how to create a case, the features available in case management and the ability that Helix has to record revision and case note history within the tool.
Andrew Lasser explains how to easily create custom dashboards in FireEye Helix.
Ron Keyston explains how to use the FireEye Helix Operational Dashboard to monitor the health and status of the appliances connected to your Helix environment along with the data flowing into it.
Richard Ignacio gives a brief overview of the HTTPS listeners plug-in for the FireEye Security Orchestrator (FSO).
Chris Schreiber uses FireEye Helix’s analytics modules to hunt for weak indicators in an environment to suss out potentially compromised user accounts.
Steve Woodward explains how to use the FireEye HX tool to create advanced rules.
Dan Smithson describes how FireEye technology can be leveraged to identify indicators of compromise from FireEye’s intel pool.
Fayyaz Rajpari shares a tip on the intelligence and context that an alert can provide. Using Helix, an intelligence led platform, an analyst can both provide and receive details on every alert whenever there is intel context available.
Bryon Wolcott introduces you to the Helix API, which allows you to quickly and systematically pull data out of Helix into other applications.
Sarah Cox demonstrates how the FireEye Health Check Tool helps collect your FireEye appliances’ status and health-related information.
Jason Forcht describes how to investigate callback alerts in the FireEye Network Security system.
Fayyaz Rajpari explains how to use FireEye Helix’s Investigative Tips feature to answer the question “Now What?” after receiving an alert from your networked device.
Nate Hancock shares ways to find malware on a network using MQL (Mandiant Query Language), how to search for event data in Helix and how to customize those searches using MQL.
Matt Beyhl discusses the deployment and health check for our FireEye Network Security (NX) tool.
Mohammad Anwar gives a brief overview of the plugins for the FireEye Security Orchestrator product, including a description of what plugins are, how to install them, and configure them for use in FSO.
Bryon Wolcott demonstrates Helix’s subsearch feature, which allows you to run a query and then use those results in another query.
Richard Ignacio explains how to read items found within the FireEye Security Orchestrator (FSO) queue.
Jason Forcht provides insight into a FireEye Endpoint alert to help you better understand what you’re seeing in the FireEye Endpoint console.
Jim Coyle describes how to obtain Endpoint Security logs, search for errors and requests to download the agent diagnostics in the event you ever need to do some troubleshooting.
Chris Schreiber explains how to search within the Helix environment to look at alerts over a longer period of time and dive deeper into the details of an alert using the Helix console.
Nate Hancock explains how to use FireEye Helix to build basic malware searches using the ‘groupby’ command and subsequently how to pivot off of that information to find source IPs.
Adam Goff explains self parsing in Helix. Self parsing should be used for extending parsing to cover important unparsed events in Helix.
Todd Bane explains the use of start event adapters when building playbooks within FireEye Security Orchestrator (FSO).
Mike Olsen demonstrates how to analyze the intelligence in an alert and how to quickly access FireEye’s Intelligence portal using a Chrome extension.
Adam Goff explains TAP Sender and Comm Broker on the FireEye Network Security appliance. Comm Broker and TAP Sender, also known as the Evidence Collector, are valuable tools for collecting events in your environment and getting them to FireEye Helix.
Dan Smithson reviews the four major alert types presented within the FireEye Network Security interface.
Omead Ahdieh shares three ways to use a CM to manage disk space on peripheral appliances to prepare for guest images and OS update installs.
Richard Ignacio explains how to trigger a FireEye Security Orchestrator (FSO) course of action or playbook through an HTML form.
Ron Keyston shares how to filter out noise in a Helix environment and focus on alerts that matter using Rule Query Tuning and Alert Volume Management.
Nate Hancock explains that although unknown event data in Helix is common, in small percentages it’s not usually something to worry about and not necessarily a bad thing.
Dan Smithson reviews the license update process for FireEye appliances.
Dan Lewandowski builds a custom HIPAA dashboard for use with your compliance team audits or other compliance-related needs.
Dan Lewandowski discusses how to use Helix to build a custom PCI dashboard. These dashboards can be used for compliance or auditing purposes.
Andrew Lasser shows a quick and easy way to check for security content and guest image updates across your entire email and network security infrastructure within the CLI.
Nate Hancock uses FireEye Helix to share some valuable MQL malware searches, such as Comm Broker, Cloud Collector or a ‘groupby’ search to find event data.