Use https://seceonhelp.freshdesk.com/support/login to access updated Knowledge Base Articles, Submit Technical Support Tickets and Review Status of submitted support tickets.

Device Integration: FireEye

 

Overview

The FireEye Network Security and Forensics (NX) is an effective cyber threat protection solution. It helps organizations minimize the risk of costly breaches by accurately detecting and immediately stopping advanced, targeted and other evasive attacks hiding in Internet traffic. EventTracker, when integrated with FireEye NX, collects logs from FireEye NX and creates detailed reports, alerts, dashboards and saved searches. These attributes of EventTracker help users to view critical and important information on a single platform.

With FireEye Network Security, organizations are effectively protected against today’s threats whether they exploit Microsoft Windows or Apple OS X operating systems.

Ref. link: https://www.netsurion.com/Corporate/media/Corporate/Files/Support-Docs/How-to-Configure-FireEye-to-forward-logs-to-EventTracker.pdf

Prerequisites

  • The VCP (virtual collection point) syslog port must be open.

  • UDP port 514 must be allowed through the firewall (if applicable), since the procedure below forwards over UDP on the default port.

Configuring Syslog Forwarding

Integrating FireEye NX with EventTracker


Follow the below steps to configure the syslog.

  1. Log in to the FireEye NX Web UI with an admin account.

  2. Navigate to Settings > Notifications.

  3. Click rsyslog and select the “Event type” check box.

  4. Make sure the Rsyslog settings are:
    Default format: CEF
    Default delivery: Per event
    Default send as: Alert

  5. In the field next to the “Add Rsyslog Server” button, type “EventTracker”, then click the “Add Rsyslog Server” button.

  6. Enter the EventTracker server IP address in the "IP Address" field. (Public IP, if hosted in the cloud)

  7. Select the Enabled check box.

  8. Select Per Event in the "Delivery" drop-down list.

  9. Select All Events from the "Notifications" drop-down list.

  10. Select CEF from the "Format" drop-down list.

  11. Select UDP from the "Protocol" drop-down list. (Default port is 514)

  12. Click Update, then click the “Test-Fire” button to send test events to the EventTracker server.
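A quick way to confirm that the Test-Fire events arrive in the format the steps above configure (CEF, one event per message, UDP 514) is to parse what the collector receives. The following is an added example, not Seceon's or FireEye's own code. It splits the syslog priority, the seven pipe-delimited CEF header fields and the key=value extension, honouring the CEF escapes (\| in the header, \= in extension values), and flags any line that is not CEF so a wrong "Format" setting shows up immediately. The sample line is constructed: vendor and product follow the page (FireEye NX), the extension keys (src, dst, dpt, msg, act) are standard CEF keys, and every other value is a placeholder rather than real appliance output.

```python
"""Parse CEF-over-syslog events from a FireEye NX rsyslog notification (added example;
not Seceon's or FireEye's code). Sample data below is constructed, not real output."""
import re
import socket

# Constructed sample of a syslog-wrapped CEF line. Vendor/product follow the page
# (FireEye NX); the remaining values are placeholders, not real appliance output.
SAMPLE_EVENT = (
    "<134>Jan 01 00:00:00 fireeye-nx-example fenotify: "
    "CEF:0|FireEye|NX|EXAMPLE-VERSION|EXAMPLE-SIG|example-alert|7|"
    "src=192.0.2.10 dst=198.51.100.20 dpt=80 msg=Constructed sample\\=event act=notified"
)

SYSLOG_PRI = re.compile(r"^<(?P<pri>\d{1,3})>")
EXT_KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")   # ' key=' boundary inside the extension
HEADER_NAMES = ("cef_version", "vendor", "product", "device_version",
                "signature_id", "name", "severity")


def _unescape(value):
    """Undo CEF escaping: \\| \\= \\\\ and the \\n / \\r sequences used in extension values."""
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)


def split_cef(cef):
    """Split the 7 pipe-delimited header fields; an escaped '\\|' is not a delimiter.
    Returns (header_fields, extension_text)."""
    fields, cur, i = [], [], 0
    while i < len(cef) and len(fields) < 7:
        ch = cef[i]
        if ch == "\\" and i + 1 < len(cef):          # keep the escape pair for _unescape
            cur.append(cef[i:i + 2]); i += 2
        elif ch == "|":
            fields.append(_unescape("".join(cur))); cur = []; i += 1
        else:
            cur.append(ch); i += 1
    if len(fields) < 7 or not fields[0].startswith("CEF:"):
        raise ValueError("not a complete CEF header")
    return fields, cef[i:]


def parse_extension(ext):
    """Split 'key=value key2=value with spaces' pairs. A value runs until the next
    ' key=' boundary, so embedded spaces survive and an escaped '\\=' never starts a key."""
    keys = list(EXT_KEY.finditer(ext))
    result = {}
    for n, m in enumerate(keys):
        end = keys[n + 1].start() if n + 1 < len(keys) else len(ext)
        result[m.group(1)] = _unescape(ext[m.end():end].rstrip())
    return result


def parse_cef_event(line):
    """Parse one syslog line into a dict, or return None when the payload is not CEF
    (i.e. the NX rsyslog 'Format' setting is not CEF)."""
    line = line.rstrip("\r\n")
    facility = syslog_sev = None
    m = SYSLOG_PRI.match(line)
    if m:
        pri = int(m.group("pri"))
        facility, syslog_sev = pri // 8, pri % 8    # RFC 3164 priority = facility*8 + severity
        line = line[m.end():]
    start = line.find("CEF:")
    if start < 0:
        return None
    header, ext = split_cef(line[start:])
    event = dict(zip(HEADER_NAMES, header))
    event["cef_version"] = event["cef_version"][len("CEF:"):]
    if event["severity"].isdigit():               # CEF severity is 0-10 or a word such as High
        event["severity"] = int(event["severity"])
    event["syslog_facility"], event["syslog_severity"] = facility, syslog_sev
    event["extension"] = parse_extension(ext)
    return event


def summarize_forwarding(lines):
    """Verification helper: count parsed CEF events per vendor/product and collect
    every line that is not CEF, so a misconfigured format is visible at once."""
    counts, non_cef = {}, []
    for raw in lines:
        ev = parse_cef_event(raw)
        if ev is None:
            non_cef.append(raw)
            continue
        key = "%s/%s" % (ev["vendor"], ev["product"])
        counts[key] = counts.get(key, 0) + 1
    return counts, non_cef


def receive_events(bind_host="0.0.0.0", port=514, count=1, timeout=10.0):
    """Collect `count` UDP syslog datagrams (binding 514 needs root or a port redirect).
    Run this on the collector, press Test-Fire on the NX, then feed the result to
    summarize_forwarding()."""
    lines = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind((bind_host, port))
        s.settimeout(timeout)
        while len(lines) < count:
            try:
                data, _ = s.recvfrom(65535)
            except socket.timeout:
                break
            lines.append(data.decode("utf-8", "replace"))
    return lines


if __name__ == "__main__":
    counts, bad = summarize_forwarding([SAMPLE_EVENT, "<134>Jan 01 00:00:00 host not CEF at all"])
    print(counts, bad)
    print(parse_cef_event(SAMPLE_EVENT)["extension"])
```

On the real collector, call receive_events() before pressing Test-Fire and pass its result to summarize_forwarding(): a non-empty second element means the appliance is sending something other than CEF, and an empty first element with no lines at all points at the port or firewall prerequisites rather than the NX settings.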

 

Verification:

Log in to the Seceon GUI Console with an administrator account and navigate to System > Log/Flow Collection Status.

Under Source Device, the IP address of the FireEye appliance will be listed.

Seceon Inc. All rights reserved. https://www.seceon.com