Use https://seceonhelp.freshdesk.com/support/login to access updated Knowledge Base Articles, Submit Technical Support Tickets and Review Status of submitted support tickets.
Device Integration Fire Eye
Overview
The FireEye Network Security and Forensics (NX) is an effective cyber threat protection solution. It helps organizations minimize the risk of costly breaches by accurately detecting and immediately stopping advanced, targeted and other evasive attacks hiding in Internet traffic. EventTracker, when integrated with FireEye NX, collects logs from FireEye NX and creates detailed reports, alerts, dashboards and saved searches. These attributes of EventTracker help users to view critical and important information on a single platform.
With FireEye Network Security, organizations are effectively protected against today’s threats whether they exploit Microsoft Windows or Apple OS X operating systems.
Prerequisites
VCP (virtual collection point) syslog port should be opened.
Port 514 should be allowed in Firewall (if applicable).
Configuring a Syslog Forwarding
Integrating FireEye NX with EventTracker
Follow the below steps to configure the syslog.
Login to FireEye NX Web UI with an admin account.
Navigate to Settings > Notifications.
Click rsyslog and Check the “Event type” check box.
Make sure Rsyslog settings are:
Default format: CEF
Default delivery: Per event
Default send as AlertNext to the “Add Rsyslog Server” button, type “EventTracker”. And, click on “Add Rsyslog Server”
button.Enter the EventTracker server IP address in the "IP Address" field. (Public IP, if hosted in the cloud)
Check off the Enabled check box.
Select Per Event in the "Delivery" drop-down list.
Select All Events from the "Notifications" drop-down list.
Select CEF as the "Format" drop-down list.
Select UDP from the "Protocol" drop-down list. (Default port is 514)
Now, click Update. And click the “Test-Fire” button to send the test events to the EventTracker server.
Verification:
Login to the Seceon GUI Console with administration and navigate to System > Log/Flow Collection Status.
Inside Source Device, IP will reflect for the FireEye.
Seceon Inc. All rights reserved. https://www.seceon.com