In this installment of the Tips and Insights series, Sarah Cox demonstrates advanced FireEye Health Check Tool configurations, including how to create a configuration file with encrypted password information, how to run a health check in silent mode, and how to run the tool automatically using tasks or CRON jobs. For more information or a quick introduction on the Health Check Tool, check out the FireEye Health Check Tool introduction video, which covers the basics of running the tool against FireEye physical, virtual and cloud appliances.
Hey, this is Sara Cox again. I’m an instructor with the FireEye Education Services team. I wanted to show you some advanced configurations to run the FireEye health check tool in an automatic way. I’ll show you how to create a configuration file with encrypted password information, how to run a health check in silent mode and how to run the tool automatically using tasks or cron jobs. If you’re just getting started with the health check tool, check out the introduction video, which shows the basics of running the tool against FireEye physical, virtual and cloud appliances. To build the configuration file, I’ll use the health check tool command like I did before, which has targets and the user name specified. Then I’ll use the create config switch. This will create a configuration file based on the parameters I’m currently using.
At the prompt I’ll enter the password. This won’t be saved in the configuration file and I’ll revisit this in a minute. And again the tool runs and collects system information. For this video we sped some of these steps up.
At the end of the run I can see it created the configuration file. I’ll also need an encrypted version of the password for my configuration file. So I’m going to do that now before editing it.
I mentioned that it doesn’t store the password in the configuration file and so I need to generate an encrypted version of it and I’ll do that with the encrypt switch.
And I’ll enter my password.
The password is encrypted using unique attributes of this system where I’m creating it. If I wanted to use the configuration file on another system I would need to regenerate the encrypted password on that system. Here’s the encrypted password string. I’ll copy that.
And now let’s have a look at the configuration file. It created it in the config folder and I can edit it. And I can see the stored configuration.
Here’s the stored configuration file for the targets and username I provided. I need to replace the password string here with the encrypted password string I just generated.
And if I had other hosts with the same username and password I could add them here.
And I could save it. Now this set of appliances all uses the same username and password and has the same mode. I could copy and paste this format and update this for different sets of appliances with different passwords, credentials or even modes, but I’m not going to do that now. I’ll just save and close this. And now I’m ready to use my configuration file.
This time when I run the tool I’m going to use the full path and you’ll see why in a minute here.
And to use the configuration file I’ll use the config switch and point it at my file.
And the last step is I’m going to use quiet mode just to make this command kind of run in the background here.
And again I’ll allow some time for that to run and confirm it finished.
If you’re more comfortable you can use the Task Scheduler GUI. But I’m going to work from the command line since I’m already here at the command prompt. So I’ll use the scheduled tasks command and use create. And I need to give it a task name. Put that in quotes.
And I need to tell the task to run and I’ll put that in quotes as well. And I’m going to copy the string that I just used here. That’s the task to run. And then I need to tell it how often to run and for this test I’ll just do one time once and I’ll give it a start time. And I’m just gonna use a time close to this current time and set the start date to today.
And that’s it. Schedule this to run and I could see it was successfully created. Now to set this up to run more regularly I would change the run once here to weekly and I could update my start time and start date. Let me switch over to a Linux system and show how to set up a cron job. I’ve already run my command to test it. So I have the command line here.
Copy it and then I’ll edit my crontab file to set up the automated job.
And you can see I’ve got the format preconfigured here. So I tested it running it at a specific time and when I know it works I could use that weekly to have the tasks run weekly and then save my file.
And that’s it. Now I have my cron job set up.
I can list my cron jobs to confirm it’s set up properly. I hope this helps you use the FireEye health check tool. Thanks for watching and stay tuned for more FireEye tips and insights.