In this installment of the Tips and Insights series, Andrew Lasser explains how to easily create custom dashboards in FireEye Helix.
Hi, my name is Andrew Lasser. I’m a Channel Systems Engineer at FireEye. Creating dashboards within Helix could seem overwhelming and difficult. I’d like to show you a fast and easy way of getting started. We’re already logged into the Helix summary dashboard. What we’re going to do is use bro_conn connections, which are connection, firewall-related events within Helix, and we’re going to use these to create a dashboard. So we’re going to click on bro_conn at the bottom under event classes. One thing we do need to do is we need to group the connections by a specific field. So once we search for the bro_conn class we go all the way to the top here and we figure out maybe you want to group by the destination IP. This field is called dstipv4. Going to group dstipv4.
And we see on the left-hand side we have destination IP addresses in a descending order. We’re going to use this search line at the top to create the dashboard. And you click on dashboards. Custom. Create dashboard. First you have to name it. We’ll call it “Connections”. Create. We’ll have to add a widget to the specific dashboard. We’ll call this “Destination Connections”. We’ll select the pie chart. Then query and import the same search field that we just had before. Click save. And it now displays all of the destination connections in the specific time frame that we indicated, all in a descending order. So we see that 28.2 percent of destination IP addresses are 188.8.131.52. You can use this to figure out if your users are going to various different destinations and if they’re possibly malicious or

Thanks for watching. Check back for more tips and insights.