

Overview

FireEye Network Security is an effective cyber threat protection solution that helps organizations minimize the risk of costly breaches by accurately detecting and immediately stopping advanced, targeted and other evasive attacks hiding in Internet traffic. It facilitates efficient resolution of detected security incidents in minutes with concrete evidence, actionable intelligence and response workflow integration. With FireEye Network Security, organizations are effectively protected against today’s threats whether they exploit Microsoft Windows, Apple OS X operating sys

Configuring Syslog Forwarding

Integrating FireEye NX with EventTracker


Follow the steps below to configure syslog forwarding.

  1. Log in to the FireEye NX Web UI with an admin account.

  2. Navigate to Settings > Notifications.

  3. Click rsyslog and check the “Event type” check box.

  4. Make sure Rsyslog settings are:
    Default format: CEF
    Default delivery: Per event
    Default send as: Alert

  5. Next to the “Add Rsyslog Server” button, type “EventTracker”, then click the “Add Rsyslog Server”
    button.

  6. Enter the EventTracker server IP address in the "IP Address" field. (Use the public IP if the server is hosted in the cloud.)

  7. Select the Enabled check box.

  8. Select Per Event in the "Delivery" drop-down list.

  9. Select All Events from the "Notifications" drop-down list.

  10. Select CEF from the "Format" drop-down list.

  11. Select UDP from the "Protocol" drop-down list. (Default port is 514)

  12. Click Update, then click the “Test-Fire” button to send test events to the EventTracker server.

Verification:

STEP 1: Log in to the UI >> SYSTEM >> LOGS AND FLOWS COLLECTION STATUS.

STEP 2: >> LOGS AND FLOWS COLLECTION STATUS.

STEP 3: >> Under SOURCE DEVICE IP, the IP will be listed.
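
The steps above select CEF as the format and UDP as the transport, so a collector-side check of the Test-Fire events comes down to parsing a CEF record out of an unauthenticated syslog datagram. The parser below is an added example, not part of the original article and not FireEye or EventTracker code; the sample line, host name and all field values are constructed placeholders.

```python
import re

# Constructed sample (not captured from an appliance): syslog prefix + CEF record.
# Host name, signature ID and all field values are placeholders.
SAMPLE = (r"<164>Jan 12 10:00:00 nx-sensor CEF:0|FireEye|NX|0.0.0|TEST|test \| event|3|"
          r"src=192.0.2.10 dst=198.51.100.7 msg=path C:\\temp a\=b cs1Label=sname")

HEADER = ("version", "vendor", "product", "device_version",
          "signature_id", "name", "severity")
KEY = re.compile(r"(?:^|(?<=\s))(\w+)=")  # extension key at start or after whitespace
ESC = re.compile(r"\\(.)")

def _unescape(value):
    # CEF extension escapes: \\ and \= are literal, \n and \r are line breaks.
    return ESC.sub(lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)

def parse_cef(line):
    """Parse one syslog line carrying CEF; raise ValueError if it is malformed."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF marker")
    body, fields, cur, i = line[start + 4:], [], [], 0
    # Walk the seven pipe-delimited header fields, honouring \| and \\ escapes.
    while i < len(body) and len(fields) < len(HEADER):
        ch = body[i]
        if ch == "\\" and body[i + 1:i + 2] in ("\\", "|"):
            cur.append(body[i + 1])
            i += 2
            continue
        if ch == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    if len(fields) < len(HEADER):
        raise ValueError("truncated CEF header")
    # The rest is the extension: key=value pairs whose values may contain spaces,
    # so each value runs up to the start of the next key.
    ext_raw, ext = body[i:], {}
    keys = list(KEY.finditer(ext_raw))
    for m, nxt in zip(keys, keys[1:] + [None]):
        end = nxt.start() if nxt else len(ext_raw)
        ext[m.group(1)] = _unescape(ext_raw[m.end():end].rstrip())
    return {**dict(zip(HEADER, fields)), "ext": ext}
```

UDP syslog is neither acknowledged nor authenticated, so a missing test event can mean a dropped datagram, and every received line should be treated as untrusted input, which is why malformed records raise `ValueError` instead of being partially accepted.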
