HX Rule Creation

In this installment of the Tips and Insights series, Steve Woodward explains how to use the FireEye HX tool to create advanced rules.

Hello, I’m Steve Woodward, Channel Systems Engineer at FireEye. In this video I’ll show advanced rule creation in Endpoint Security, also known as HX, and the way we’re going to do that is by using the HX tool application.

Alright, we’re going to get started. We’re going to log into our Endpoint Security, also known as HX. And right off the bat you might have noticed something different if you haven’t seen the new user interface. This is often known as the Helix design because that’s the first product that used it. Now it’s also part of Endpoint Security. So the biggest thing that we see is that it’s very dark. A lot of people like it much better.

So we’re going to start, going to create a rule here and see the limits compared to what we want to do sometimes. So we come into our rules and we see what’s already in here. We see listed as category. So we have Mandiant unrestricted rules. We’re going to create one that’s going to be a custom rule. You can create your own categories and so forth.

So we come in here and we’re going to do a create indicator. And we see here, I’m going to go ahead and deselect a Mac so I can share one additional feature. We have a couple of things, three things that we can do: File, Network Connection, DNS Lookup. You might think, well, 3, I could have sworn when I bought it or when I really researched this product there were a lot more. And there are. But in this user interface we can only do these because of the limitations and the danger of doing things that might be more risky.

So we’re going to go ahead and add a file. And we’re going to do a file name. We’re going to do an MD5. We can only do, we just do one of these. But I’m going to go add them all. And notice they come over here and they’re in the persistence category. You might notice there was no way for me to select the execute category. That’s one of the limits of this interface.

I’m going to give it a name. This rule is right out of the user guide. So I’m just going to call it user guide sample and go ahead and say create. And so then here it is. User guide sample. It’s Windows only. Was created by me. I’m admin and it’s a custom that only has one condition.

So now we’re going to go and use HX tool to show you how to do more advanced rules. And to do that, first we have to go get HX tool, and you can get that from the FireEye community.

Thanks for spending the time learning about how to use FireEye tips and insights.

