In this installment of the Tips and Insights series, Dan Faltisco describes how to create and manage host sets within FireEye Endpoint. This is helpful when managing different systems in your environment.
Hello, I’m Dan Faltisco, a Channel Sales Engineer at FireEye. I’d like to give you a quick tip on how to create and manage host sets within FireEye Endpoint. If you’re a security administrator, this is a crucial skill you’ll want to use to manage different systems in your environment.
With different machines in your environment, to create and edit hosts you’ll need to go into the administration menu and select “Host Sets”. From there you’ll have a couple options when you click the “Create Host Set” button. The lower option allows you to create a host set from a static list. This option is pretty straightforward, and it’s very useful if you know the specific IP addresses or host names of a few highly critical machines. You would enter them in. You can enter in partials and hit search. And when this is done searching, you can then click and drag to add them into your new host set, or just click and add if you wish to do it that way. If you made a mistake and you want to remove that particular host from your host set, you can then click that and then hit the remove button. When you’re done creating your static list, you can then give it a name and click to create.
The other way to create a host set is to do so with our dynamic set builder tool. This tool is useful because you can create a host set based on a certain set of rules, and new machines that match those rules will automatically be included. For instance, let’s say I want to create a host set based first on an operating system. So I’ll go to “OS & Patch”. Select Windows 7 Professional. I see that we have 82 machines that match that. I’m going to drag that up and add that to my host set. Next, let’s say I want to drill down further and define it again based on hostname. So I’m going to give a search parameter here. We’re going to choose “victim” because I know this is a demo environment; I have a lot of victim machines.
And I’m going to click that again and then place it right over the other one, and that gets added to our set builder. So now we can manipulate this data in a number of different ways. The default is inclusive of all machines in both parameters. But if I want to change it to just include hosts with both matching rules, I can do so by clicking the middle here, and I can manipulate the data further by clicking through on that center box. Once we’re satisfied with how this set looks from a rule standpoint, we can give that a name as well and click create.
Once we’re done creating our host sets, we are then greeted by this screen, which is our host sets screen. From here we can do some additional things. One of the things we can do is edit one of these host sets by clicking the “Edit/View” button, which is that little pencil. And from here we can change the rules, take machines out if we wish to, etc. We could also delete these host sets if they’re no longer being used or they’re no longer valid for our business purposes.
And that’s how you create and manage host sets in FireEye.