In this installment of the Tips and Insights series, Mike Olsen demonstrates how to analyze the intelligence in an alert and how to quickly access FireEye’s Intelligence portal using a Chrome extension.
Hi, my name is Mike Olsen. I am a Channel Sales Engineer here at FireEye. FireEye is known as a cyber security company with intelligence-led security.
When looking at an alert, it’s important to give the analyst all the intelligence they need to make an informed response. In today’s tip, I’m going to show you how to analyze the intelligence in an alert and how to quickly access FireEye’s Intelligence portal using a Chrome extension.
Here we have a FireEye alert within Helix. We can see looking at the alert I’ve got a description right at the top. The name. It’s an intel hit based on a fully qualified domain name that we’ve deemed malicious. And so as I go down I can see that it’s the description of the alert that FireEye Intelligence has found a match for this domain name. And we fired on this alert. If I continue scrolling down I get some more information on this. The domain that was deemed malicious. I get the class intel hit. Down here below I get the intel tab where I get some specific more details on this information. I get the information on the malware type. On the threat actor group. But one particular tip a lot of individuals don’t know about that use Helix is that if I have a browser extension, a browser Chrome extension. This is a FireEye iSIGHT browser extension. While I’m doing my alert review any particular artifact or piece of information that I see in here. Like, for example, this domain, I don’t know about it. I don’t know information about it. So I can go and click that.
And then I can go ahead and click search the FireEye iSIGHT Intelligence portal. And it’ll pull me directly over to the Intelligence portal and I can get more information on this threat actor group. So again, just trying to make the information. Put it at the fingertips of the analysts. Bringing the intelligence to make informed decisions quicker and faster. So now you know how to take advantage of FireEye’s Chrome extension to access and stay tuned for more tips and insights.