In this installment of the Tips and Insights series, Sarah Cox demonstrates how the FireEye Health Check Tool helps collect your FireEye appliances’ status and health-related information. The Health Check Tool can be used with physical, virtual, and cloud-based FireEye appliances. The Health Check Tool generates a detailed report about the health of your appliance’s hardware, system, configuration, detection and best practices. The report supplies self-help recommendations for any issues identified.
Hi, my name is Sarah Cox. I’m an instructor with a FireEye Education Services team. Today I’m going to show you the FireEye health check tool, which helps you collect status and health-related information about your FireEye appliances. You can use the health check tool with physical, virtual and cloud-based FireEye appliances. The health check tool generates a detailed report about the health of your appliance’s hardware, system, configuration, detection and best practices. The report gives you self-help recommendations for any issues identified. When you use the FireEye health check tool you can be confident in the status and health of your FireEye systems.
You can download the health check tool from the FireEye Market at fireeye.market. The FireEye Market is an online marketplace of open source software, freeware and third-party applications designed to extend FireEye’s product experience. To download the health check tool, make sure you are logged on with your FireEye support account. I’ll click into the tool here. While you’re on the site, make sure to download the user guide so you have it for reference later.
I’ve already downloaded the archive to my local system. The zip file includes versions for Windows, Mac and Linux systems and I’ve already extracted the Windows version. This is a command line tool so I’ve got a command prompt open. I’ll just make sure I’m in the right location. I can see the tool there. You can use the command line help.
You can use the help switch to list the usage.
Usage information is also in the User Guide.
To start I’m going to run the tool against a single system. I’ll use the target switch to define the target system.
And I could use a comma-separated list to indicate other systems. The tool is supported for health checks against FireEye Helix, Network Security, Endpoint Security, Email Security, Central Management as well as the Content Analysis MVX appliances. For now I’ll keep it super simple and just check one host. I need to indicate the username with the username switch.
And now I’m ready to run the tool so I’ll hit enter to execute.
The first time I run the tool I need to agree to the EULA. And enter my support account information. This is the same account I used to download the tool from the FireEye Market.
And finally, I put in the appliance password for the username I used.
You’ll see the status as the tool gathers appliance configuration information. I’ll just let this run for a while and check back when it’s finished.
Once the check is finished you can find the output in the reports folder. The default generated an HTML report. I can also output to PDF. I’ll show you that in a minute but let me run the tool again to show some other options. This time I’ll use the health check tool with Helix systems.
For Helix appliances I need to authenticate.
The default is appliance mode and I didn’t use that before but now I need to indicate Helix mode with the mode switch.
For this run I have a text file with a list of my hosts each on its own line. So I can use the file switch to indicate that.
That’ll just save me some time for typing.
And for Helix appliances I need to authenticate with an API key. So I use the API key switch and I’ll copy the key off screen. So I have the key and I can paste it in.
I could also use the report PDF switch to generate a PDF. Now the tool is running and collecting information just as it did before. I don’t need to wait for that to finish.
Now let me show you some sample output. Let’s explore the output from the health check tool. I have a PDF I generated from running the health check tool against a network security and endpoint security appliance. At the top of the report I see a summary of information about the appliances I checked.
And below that I have the appliance score card. This rates the appliance health in five categories: hardware, system, configuration, detection and best practices. I can see the hardware, it looks like it’s in great condition, but the health check tool identified some issues in other areas. Scrolling down I can see there was a warning that the licenses will expire in 90 days. Seeing this now gives me time to address the issue. I also see the appliance images are out of date. In the configuration section I see there are some detection features for network security that are not being used. Enabling these features would increase the detection and prevention capabilities of the appliance.
In the detection portion the report identifies an issue with the security content version. It even shows the CLI commands to use so I can fix this issue.
Lastly, the best practices section shows ways I can improve my configuration. Here I see I haven’t configured automated backups on this endpoint security appliance. This is definitely something I want to address.
I hope this has been helpful to get you started with the FireEye health check tool. The user guide contains full details on all command line options, like how to run the tool in a proxy environment, so definitely check that out. We’ll continue the conversation in another video about how to set up jobs to run the FireEye health check tool regularly against FireEye appliances you manage. Thanks for watching and stay tuned for more FireEye tips and insights.