# FireEye
The FireEye connector allows seamless integration with FireEye's security services, enabling automated threat detection and response workflows.

FireEye is a renowned cybersecurity company that provides advanced solutions for threat detection and response. The FireEye connector for Swimlane Turbine enables users to automate critical security operations tasks such as acknowledging alerts, managing quarantined emails, and retrieving detailed threat intelligence. By integrating with FireEye, Swimlane Turbine users can streamline incident response, enhance email security, and access rich threat insights directly within their automated workflows, significantly improving their security posture and response times.

## Prerequisites

To effectively utilize the FireEye connector within Swimlane Turbine, ensure you have the following prerequisites:

- HTTP Basic Authentication with the following parameters:
  - URL: endpoint URL for the FireEye API
  - Username: your FireEye account username
  - Password: your FireEye account password

## Asset Configuration

This connector requires a username and a password for secure communication with the FireEye appliances. It uses Basic HTTP Authentication, a widely adopted method that ensures secure interactions with your FireEye systems.

## Functionalities

The FireEye connector provides a comprehensive set of functionalities:

- Acknowledge Alert: allows for acknowledgment and recording of alerts for potential security threats.
- Delete Quarantined Email: enables safe removal of emails in quarantine, maintaining the integrity of your communication systems.
- Download Quarantined Email: provides the ability to retrieve quarantined emails for further review or analysis.
- Get Alert Details: grants access to detailed information about alerts, aiding effective response to security incidents.
- Get Alerts: facilitates monitoring and retrieval of alerts, keeping you updated on security issues.
- Get Artifact: permits access to specific artifacts, such as files or documents, pertaining to potential security issues.
- Get Artifact Metadata: allows retrieval of metadata about an artifact, providing more context about potential security incidents.
- Get Events: assists in tracking and obtaining event data for monitoring activities and potential security threats.
- Get Quarantined Emails: allows access to quarantined emails for review and threat analysis.
- Get Report by ID: enables retrieval of specific reports using their unique identifiers for easy access to pertinent information.
- Release Quarantined Email: facilitates the safe release of a quarantined email back into the communication system.

By leveraging FireEye's API capabilities, the FireEye connector offers a unified and efficient solution for managing FireEye appliances, thereby helping maintain a robust security posture.

## Notes

- https://docs.trellix.com/bundle/api-ref/page/UUID-4ff666e7-f5d9-0687-aaa0-f716792959d7.html
- https://docs.trellix.com/bundle/api-ref/page/UUID-b24af738-b712-2712-0724-ee6e9430175f.html

## Configurations

### HTTP Basic Authentication

Authenticates using username and password.

#### Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | required |
| username | Username | string | required |
| password | Password | string | required |
| verify_ssl | Verify SSL certificate | boolean | optional |
| http_proxy | A proxy to route requests through | string | optional |

## Actions

### Acknowledge Alert

Confirm that you have reviewed the alert so that it is no longer listed in the Web UI.

Endpoint URL: wsapis/v2.0.0/alerts/alert/{{uuid}}
Method: POST

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.uuid | string | required | Parameters for the Acknowledge Alert action |
| parameters.annotation | string | required | Parameters for the Acknowledge Alert action |
| parameters.alerttype | string | optional | Parameters for the Acknowledge Alert action |
| headers | object | optional | HTTP headers for the request |
| headers.Accept | string | optional | HTTP headers for the request |

Input example:

```
{"headers": {"Accept": "application/json"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

```
{}
```

### Delete Quarantined Email

Delete an email in quarantine.

Endpoint URL: wsapis/v2.0.0/emailmgmt/quarantine/delete
Method: POST

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| headers | object | optional | HTTP headers for the request |
| headers.Accept | string | optional | HTTP headers for the request |
| queue_ids | array | optional | Unique identifier |

Input example:

```
{"headers": {"Accept": "application/json"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

```
{}
```

### Download Quarantined Email

Download quarantined email.

Endpoint URL: wsapis/v2.0.0/emailmgmt/quarantine/{{queue_id}}
Method: GET

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.queue_id | string | required | Parameters for the Download Quarantined Email action |
| headers | object | optional | HTTP headers for the request |
| headers.Accept | string | optional | HTTP headers for the request |

Input example:

```
{"headers": {"Accept": "application/octet-stream"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| file | object | File |
| file.file_name | string | Name of the resource |
| file.file | string | Output field file.file |

Output example:

```
{"file": {"file_name": "example_name", "file": "string"}}
```

### Get Alert Details

Get details by alert ID.

Endpoint URL: wsapis/v2.0.0/alerts/alert/{{alert_id}}
Method: GET

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.alert_id | string | required | Parameters for the Get Alert Details action |
| headers | object | optional | HTTP headers for the request |
| headers.Accept | string | optional | HTTP headers for the request |

Input example:

```
{"headers": {"Accept": "application/json"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

```
{}
```

### Get Alerts

Get alerts.

Endpoint URL: wsapis/v2.0.0/alerts
Method: GET

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.info_level | string | optional | Parameters for the Get Alerts action |
| parameters.malware_type | string | optional | Parameters for the Get Alerts action |
| parameters.file_type | string | optional | Parameters for the Get Alerts action |
| parameters.file_name | string | optional | Parameters for the Get Alerts action |
| parameters.start_time | string | optional | Parameters for the Get Alerts action |
| parameters.recipient_email | string | optional | Parameters for the Get Alerts action |
| parameters.src_ip | string | optional | Parameters for the Get Alerts action |
| parameters.url | string | optional | Parameters for the Get Alerts action |
| parameters.alert_id | string | optional | Parameters for the Get Alerts action |
| parameters.end_time | string | optional | Parameters for the Get Alerts action |
| parameters.sender_email | string | optional | Parameters for the Get Alerts action |
| parameters.callback_domain | string | optional | Parameters for the Get Alerts action |
| parameters.duration | string | optional | Parameters for the Get Alerts action |
| parameters.dst_ip | string | optional | Parameters for the Get Alerts action |
| parameters.malware_name | string | optional | Parameters for the Get Alerts action |
| parameters.md5 | string | optional | Parameters for the Get Alerts action |
| headers | object | optional | HTTP headers for the request |
| headers.Accept | string | optional | HTTP headers for the request |

Input example:

```
{"headers": {"Accept": "application/json"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

```
{}
```

### Get Artifact

Get artifact.

Endpoint URL: wsapis/v2.0.0/artifacts/{{alert_id}}
Method: GET

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.alert_id | string | required | Parameters for the Get Artifact action |
| headers | object | optional | HTTP headers for the request |
| headers.Accept | string | optional | HTTP headers for the request |

Input example:

```
{"headers": {"Accept": "application/octet-stream"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| file | object | File |
| file.file_name | string | Name of the resource |
| file.file | string | Output field file.file |

Output example:

```
{"file": {"file_name": "example_name", "file": "string"}}
```

### Get Artifacts Metadata

Gets malware artifacts metadata.

Endpoint URL: /wsapis/v2.0.0/artifacts/{{uuid}}/meta
Method: GET

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.uuid | string | required | Parameters for the Get Artifacts Metadata action |
| headers | object | optional | HTTP headers for the request |
| headers.Accept | string | optional | HTTP headers for the request |

Input example:

```
{"headers": {"Accept": "application/json"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

```
{}
```

### Get Events

Get events.

Endpoint URL: wsapis/v2.0.0/events
Method: GET

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.duration | string | optional | Parameters for the Get Events action |
| parameters.end_time | string | optional | Parameters for the Get Events action |
| parameters.mvx_correlated_only | string | optional | Parameters for the Get Events action |
| headers | object | optional | HTTP headers for the request |
| headers.Accept | string | optional | HTTP headers for the request |

Input example:

```
{"headers": {"Accept": "application/json"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

```
{}
```

### Get Quarantine Emails

Get quarantine emails.

Endpoint URL: wsapis/v2.0.0/emailmgmt/quarantine
Method: GET

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.appliance_id | string | optional | Parameters for the Get Quarantine Emails action |
| parameters.subject | string | optional | Parameters for the Get Quarantine Emails action |
| parameters.from | string | optional | Parameters for the Get Quarantine Emails action |
| parameters.limit | string | optional | Parameters for the Get Quarantine Emails action |
| parameters.start_time | string | optional | Parameters for the Get Quarantine Emails action |
| parameters.end_time | string | optional | Parameters for the Get Quarantine Emails action |
| headers | object | optional | HTTP headers for the request |
| headers.Accept | string | optional | HTTP headers for the request |

Input example:

```
{"headers": {"Accept": "application/json"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

```
{}
```

### Get Report

Get report.

Endpoint URL: /wsapis/v1.2.0/reports/report
Method: GET

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.report_type | string | required | Parameters for the Get Report action |
| parameters.infection_id | string | required | Parameters for the Get Report action |
| parameters.infection_type | string | required | Parameters for the Get Report action |
| headers | object | optional | HTTP headers for the request |
| headers.Accept | string | optional | HTTP headers for the request |

Input example:

```
{"headers": {"Accept": "application/json"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| file | object | File |
| file.file_name | string | Name of the resource |
| file.file | string | Output field file.file |

Output example:

```
{"file": {"file_name": "example_name", "file": "string"}}
```

### Release Quarantined Email

Releases quarantined emails from specified queues in FireEye using sensor names and queue IDs.

Endpoint URL: /wsapis/v2.0.0/emailmgmt/quarantine/release
Method: POST

#### Input

| Argument Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.sensorname | string | required | The sensor display name |
| headers | object | optional | HTTP headers for the request |
| headers.Accept | string | optional | HTTP headers for the request |
| queue_ids | array | optional | Unique identifier |

Input example:

```
{"parameters": {"sensorname": "blade1 vex3"}, "json_body": {"queue_ids": ["463jzf5n0hzshwd"]}, "headers": {"Accept": "application/json"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

```
{}
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |
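The following is an added example, not code from Swimlane or FireEye, that shows how the asset parameters above (url, username, password, verify_ssl, http_proxy) turn into concrete HTTP requests for three of the actions: Get Alerts (optional query filters), Acknowledge Alert (path parameter plus parameters) and Release Quarantined Email (query parameter plus JSON body). It uses only the Python standard library. The appliance address, credentials, filter values, alert UUID and the placement of `annotation`/`alerttype` as query parameters (read off the action's `parameters.*` rows) are assumptions; the `verify_ssl=false` branch reproduces what that asset option means in practice, which is why the default here is `True`.

```python
import base64
import json
import ssl
import urllib.parse
import urllib.request

# Hypothetical appliance address; substitute the "url" asset parameter of your deployment.
BASE_URL = "https://fireeye.example.invalid"


class FireEyeClient:
    """Builds and sends FireEye Web Services API requests as the connector's
    HTTP Basic Authentication asset describes them. Standard library only;
    no FireEye SDK is assumed."""

    def __init__(self, url, username, password, verify_ssl=True, http_proxy=None):
        self.base = url.rstrip("/")
        # Basic credentials are merely base64-encoded: TLS is what protects them in transit.
        token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
        self.auth_header = "Basic " + token
        ctx = ssl.create_default_context()
        if not verify_ssl:
            # verify_ssl=false: the appliance certificate is not checked at all.
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
        handlers = [urllib.request.HTTPSHandler(context=ctx)]
        if http_proxy:
            handlers.append(urllib.request.ProxyHandler({"http": http_proxy, "https": http_proxy}))
        self.opener = urllib.request.build_opener(*handlers)

    def build_request(self, method, path, params=None, json_body=None, accept="application/json"):
        """Return an un-sent urllib Request with query parameters, optional JSON body,
        and the Authorization/Accept headers. Unset optional filters are dropped."""
        url = self.base + path
        if params:
            present = {k: v for k, v in params.items() if v is not None and v != ""}
            if present:
                url += "?" + urllib.parse.urlencode(present)
        data = json.dumps(json_body).encode("utf-8") if json_body is not None else None
        req = urllib.request.Request(url, data=data, method=method)
        req.add_header("Authorization", self.auth_header)
        req.add_header("Accept", accept)
        if data is not None:
            req.add_header("Content-Type", "application/json")
        return req

    # Get Alerts: every filter in the action's input table is an optional query parameter.
    def get_alerts_request(self, **filters):
        return self.build_request("GET", "/wsapis/v2.0.0/alerts", params=filters)

    # Acknowledge Alert: uuid is a path parameter; annotation (required) and
    # alerttype (optional) are sent as query parameters (assumption, per the parameters.* rows).
    def acknowledge_alert_request(self, uuid, annotation, alerttype=None):
        return self.build_request(
            "POST", "/wsapis/v2.0.0/alerts/alert/" + urllib.parse.quote(uuid, safe=""),
            params={"annotation": annotation, "alerttype": alerttype},
        )

    # Release Quarantined Email: sensorname as a query parameter, queue_ids in the
    # JSON body, mirroring the action's input example.
    def release_quarantined_email_request(self, sensorname, queue_ids):
        return self.build_request(
            "POST", "/wsapis/v2.0.0/emailmgmt/quarantine/release",
            params={"sensorname": sensorname}, json_body={"queue_ids": list(queue_ids)},
        )

    def send(self, req):
        """Send a built request; returns (status_code, reason, body) like the action output."""
        with self.opener.open(req) as resp:
            return resp.status, resp.reason, resp.read()


if __name__ == "__main__":
    client = FireEyeClient(BASE_URL, "analyst", "s3cret")  # constructed credentials
    print(client.get_alerts_request(duration="24_hours", info_level="concise").full_url)
    print(client.release_quarantined_email_request("blade1 vex3", ["463jzf5n0hzshwd"]).data)
```

The `*_request` methods only build requests, so they can be inspected (or unit-tested) without a reachable appliance; `client.send(req)` performs the call and returns the same `status_code`/`reason` pair the actions report. Keep `verify_ssl` at its default unless the appliance presents a certificate you cannot otherwise trust, since disabling it removes the only protection the Basic credentials have on the wire.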