# FireEye
The FireEye connector allows seamless integration with FireEye's security services, enabling automated threat detection and response workflows.

FireEye is a renowned cybersecurity company that provides advanced solutions for threat detection and response. The FireEye connector for Swimlane Turbine enables users to automate critical security operations tasks such as acknowledging alerts, managing quarantined emails, and retrieving detailed threat intelligence. By integrating with FireEye, Swimlane Turbine users can streamline incident response, enhance email security, and access rich threat insights directly within their automated workflows, significantly improving their security posture and response times.

## Prerequisites

To effectively utilize the FireEye connector within Swimlane Turbine, ensure you have the following prerequisites:

- HTTP Basic Authentication with the following parameters:
  - URL: endpoint URL for the FireEye API
  - Username: your FireEye account username
  - Password: your FireEye account password

## Asset Configuration

This connector requires a username and a password for secure communication with the FireEye appliances. It uses basic HTTP authentication, a widely adopted method that ensures secure interactions with your FireEye systems. Because Basic authentication sends the credentials with every request, they are only as protected as the transport: use an `https://` URL and keep Verify SSL enabled outside of lab environments.

## Functionalities

The FireEye connector provides a comprehensive set of functionalities:

- Acknowledge Alert: allows for acknowledgment and recording of alerts for potential security threats
- Delete Quarantined Email: enables safe removal of emails in quarantine, maintaining the integrity of your communication systems
- Download Quarantined Email: provides the ability to retrieve quarantined emails for further review or analysis
- Get Alert Details: grants access to detailed information about alerts, aiding effective response to security incidents
- Get Alerts: facilitates monitoring and retrieval of alerts, keeping you updated on security issues
- Get Artifact: permits access to specific artifacts, such as files or documents, pertaining to potential security issues
- Get Artifact Metadata: allows retrieval of metadata about an artifact, providing more context about potential security incidents
- Get Events: assists in tracking and obtaining event data for monitoring activities and potential security threats
- Get Quarantined Emails: allows access to quarantined emails for review and threat analysis
- Get Report by ID: enables retrieval of specific reports using their unique identifiers for easy access to pertinent information
- Release Quarantined Email: facilitates the safe release of a quarantined email back into the communication system

By leveraging FireEye's API capabilities, the FireEye connector offers a unified and efficient solution for managing FireEye appliances, thereby helping maintain a robust security posture.

## Configurations

### HTTP Basic Authentication

Authenticates using username and password.

Configuration parameters:

| Parameter | Description | Type | Required |
|---|---|---|---|
| URL | A URL to the target host | string | Required |
| Username | Username | string | Required |
| Password | Password | string | Required |
| Verify SSL | Verify SSL certificate | boolean | Optional |
| HTTP Proxy | A proxy to route requests through | string | Optional |

## Actions

### Acknowledge Alert

Confirm that you have reviewed the alert so that it is no longer listed in the Web UI.

Endpoint URL: `wsapis/v2.0.0/alerts/alert/{{uuid}}`

Method: POST

Input:

| Argument Name | Type | Required | Description |
|---|---|---|---|
| uuid | string | Required | Unique identifier |
| annotation | string | Required | Parameter for Acknowledge Alert |
| alerttype | string | Optional | Type of the resource |
| headers | object | Optional | HTTP headers for the request |
| Accept | string | Optional | Parameter for Acknowledge Alert |

Output:

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "OK"
  }
]
```

### Delete Quarantined Email

Delete an email in quarantine.

Endpoint URL: `wsapis/v2.0.0/emailmgmt/quarantine/delete`

Method: POST

Input:

| Argument Name | Type | Required | Description |
|---|---|---|---|
| queue_ids | array | Required | Unique identifier |
| headers | object | Optional | HTTP headers for the request |
| Accept | string | Optional | Parameter for Delete Quarantined Email |

Output:

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "OK"
  }
]
```

### Download Quarantined Email

Download a quarantined email.

Endpoint URL: `wsapis/v2.0.0/emailmgmt/quarantine/{{queue_id}}`

Method: GET

Input:

| Argument Name | Type | Required | Description |
|---|---|---|---|
| queue_id | string | Required | Unique identifier |
| headers | object | Optional | HTTP headers for the request |
| Accept | string | Optional | Parameter for Download Quarantined Email |

Output:

| Parameter | Type | Description |
|---|---|---|
| file | object | File |
| file.file_name | string | Name of the resource |
| file.file | string | Output field file |

Example:

```json
[
  {
    "file": {
      "file_name": "example_name",
      "file": "string"
    }
  }
]
```

### Get Alert Details

Get details by alert ID.

Endpoint URL: `wsapis/v2.0.0/alerts/alert/{{alert_id}}`

Method: GET

Input:

| Argument Name | Type | Required | Description |
|---|---|---|---|
| alert_id | string | Required | Unique identifier |
| headers | object | Optional | HTTP headers for the request |
| Accept | string | Optional | Parameter for Get Alert Details |

Output:

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "OK"
  }
]
```

### Get Alerts

Get alerts.

Endpoint URL: `wsapis/v2.0.0/alerts`

Method: GET

Input:

| Argument Name | Type | Required | Description |
|---|---|---|---|
| info_level | string | Optional | Parameter for Get Alerts |
| malware_type | string | Optional | Type of the resource |
| file_type | string | Optional | Type of the resource |
| file_name | string | Optional | Name of the resource |
| start_time | string | Optional | Time value |
| recipient_email | string | Optional | Parameter for Get Alerts |
| src_ip | string | Optional | Parameter for Get Alerts |
| url | string | Optional | URL endpoint for the request |
| alert_id | string | Optional | Unique identifier |
| end_time | string | Optional | Time value |
| sender_email | string | Optional | Parameter for Get Alerts |
| callback_domain | string | Optional | Parameter for Get Alerts |
| duration | string | Optional | Parameter for Get Alerts |
| dst_ip | string | Optional | Parameter for Get Alerts |
| malware_name | string | Optional | Name of the resource |
| md5 | string | Optional | Parameter for Get Alerts |
| headers | object | Optional | HTTP headers for the request |
| Accept | string | Optional | Parameter for Get Alerts |

Output:

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "OK"
  }
]
```

### Get Artifact

Get an artifact.

Endpoint URL: `wsapis/v2.0.0/artifacts/{{alert_id}}`

Method: GET

Input:

| Argument Name | Type | Required | Description |
|---|---|---|---|
| alert_id | string | Required | Unique identifier |
| headers | object | Optional | HTTP headers for the request |
| Accept | string | Optional | Parameter for Get Artifact |

Output:

| Parameter | Type | Description |
|---|---|---|
| file | object | File |
| file.file_name | string | Name of the resource |
| file.file | string | Output field file |

Example:

```json
[
  {
    "file": {
      "file_name": "example_name",
      "file": "string"
    }
  }
]
```

### Get Artifacts Metadata

Gets malware artifacts metadata.

Endpoint URL: `/wapis/v2.0.0/artifacts/{{uuid}}/meta`

Method: GET

Input:

| Argument Name | Type | Required | Description |
|---|---|---|---|
| uuid | string | Required | Unique identifier |
| headers | object | Optional | HTTP headers for the request |
| Accept | string | Optional | Parameter for Get Artifacts Metadata |

Output:

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "OK"
  }
]
```

### Get Events

Get events.

Endpoint URL: `wsapis/v2.0.0/events`

Method: GET

Input:

| Argument Name | Type | Required | Description |
|---|---|---|---|
| duration | string | Optional | Parameter for Get Events |
| end_time | string | Optional | Time value |
| mvx_correlated_only | string | Optional | Parameter for Get Events |
| headers | object | Optional | HTTP headers for the request |
| Accept | string | Optional | Parameter for Get Events |

Output:

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "OK"
  }
]
```

### Get Quarantine Emails

Get quarantine emails.

Endpoint URL: `wsapis/v2.0.0/emailmgmt/quarantine`

Method: GET

Input:

| Argument Name | Type | Required | Description |
|---|---|---|---|
| appliance_id | string | Optional | Unique identifier |
| subject | string | Optional | Parameter for Get Quarantine Emails |
| from | string | Optional | Parameter for Get Quarantine Emails |
| limit | string | Optional | Parameter for Get Quarantine Emails |
| start_time | string | Optional | Time value |
| end_time | string | Optional | Time value |
| headers | object | Optional | HTTP headers for the request |
| Accept | string | Optional | Parameter for Get Quarantine Emails |

Output:

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "OK"
  }
]
```

### Get Report

Get a report.

Endpoint URL: `/wsapis/v1.2.0/reports/report`

Method: GET

Input:

| Argument Name | Type | Required | Description |
|---|---|---|---|
| report_type | string | Required | Type of the resource |
| infection_id | string | Required | Unique identifier |
| infection_type | string | Required | Type of the resource |
| headers | object | Optional | HTTP headers for the request |
| Accept | string | Optional | Parameter for Get Report |

Output:

| Parameter | Type | Description |
|---|---|---|
| file | object | File |
| file.file_name | string | Name of the resource |
| file.file | string | Output field file |

Example:

```json
[
  {
    "file": {
      "file_name": "example_name",
      "file": "string"
    }
  }
]
```

### Release Quarantined Email

Releases quarantined emails from specified queues in FireEye using sensor names and queue IDs.

Endpoint URL: `/wsapis/v2.0.0/emailmgmt/quarantine/release`

Method: POST

Input:

| Argument Name | Type | Required | Description |
|---|---|---|---|
| sensorname | string | Required | The sensor display name |
| queue_ids | array | Required | Unique identifier |
| headers | object | Optional | HTTP headers for the request |
| Accept | string | Optional | Parameter for Release Quarantined Email |

Output:

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Date": "Thu, 01 Jan 2024 00:00:00 GMT"
    },
    "reason": "OK"
  }
]
```

## Response Headers

| Header | Description | Example |
|---|---|---|
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |

## Notes

- Authentication documentation: https://docs.trellix.com/bundle/api_ref/page/UUID-4ff666e7-f5d9-0687-aaa0-f716792959d7.html
- API documentation: https://docs.trellix.com/bundle/api_ref/page/UUID-b24af738-b712-2712-0724-ee6e9430175f.html
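The following is an added example, not Swimlane's connector code or FireEye's API client: a minimal Python client that mirrors the HTTP Basic Authentication asset configuration (URL, Username, Password, Verify SSL, HTTP Proxy) and builds the requests for three of the actions listed above (Acknowledge Alert, Get Alerts, Release Quarantined Email), then shapes a response into the documented `status_code` / `reason` / `response_headers` output. The host name and credentials are constructed sample values, and where each argument travels (path segment, query string, or JSON body) is an assumption for illustration, as is this example's refusal of plain `http://` URLs.

```python
"""Added example (not Swimlane's or FireEye's code): a small client mirroring the
connector's asset configuration and three of its actions.  Host, credentials and the
placement of each argument (path, query, JSON body) are assumptions for illustration."""
from __future__ import annotations

import base64
import json
import ssl
import urllib.parse
import urllib.request
from dataclasses import dataclass
from typing import Any, Dict, Optional

API_VERSION = "wsapis/v2.0.0"  # prefix shared by the v2 actions documented above


@dataclass
class PreparedRequest:
    """What would go on the wire, captured before any network I/O so it can be inspected."""
    method: str
    url: str
    headers: Dict[str, str]
    body: Optional[bytes] = None


class FireEyeClient:
    def __init__(self, url: str, username: str, password: str,
                 verify_ssl: bool = True, http_proxy: Optional[str] = None):
        # Basic auth carries the credentials on every request, so this example
        # insists on TLS (the connector itself leaves the scheme to the operator).
        if not url.lower().startswith("https://"):
            raise ValueError("FireEye URL must use https")
        self.base_url = url.rstrip("/")
        token = base64.b64encode(f"{username}:{password}".encode()).decode()
        self._auth = "Basic " + token
        self.verify_ssl = verify_ssl
        self.http_proxy = http_proxy

    def __repr__(self) -> str:  # keep the password out of logs and tracebacks
        return f"FireEyeClient(base_url={self.base_url!r}, verify_ssl={self.verify_ssl})"

    def build_request(self, method: str, path: str, params: Optional[Dict[str, Any]] = None,
                      body: Any = None, accept: str = "application/json") -> PreparedRequest:
        query = {k: v for k, v in (params or {}).items() if v is not None}
        url = f"{self.base_url}/{path}"
        if query:
            url += "?" + urllib.parse.urlencode(query)
        headers = {"Authorization": self._auth, "Accept": accept}
        data = None
        if body is not None:
            data = json.dumps(body).encode()
            headers["Content-Type"] = "application/json"
        return PreparedRequest(method, url, headers, data)

    def acknowledge_alert(self, uuid: str, annotation: str,
                          alerttype: Optional[str] = None) -> PreparedRequest:
        if not annotation.strip():
            raise ValueError("annotation is required")
        # quote() keeps a crafted uuid from escaping its own path segment
        path = f"{API_VERSION}/alerts/alert/{urllib.parse.quote(uuid, safe='')}"
        body: Dict[str, str] = {"annotation": annotation}
        if alerttype:
            body["alerttype"] = alerttype
        return self.build_request("POST", path, body=body)

    def get_alerts(self, **filters: Optional[str]) -> PreparedRequest:
        """Keyword arguments are the optional Get Alerts filters; None values are dropped."""
        return self.build_request("GET", f"{API_VERSION}/alerts", params=filters)

    def release_quarantined_email(self, sensorname: str, queue_ids: list) -> PreparedRequest:
        if not queue_ids:
            raise ValueError("queue_ids must not be empty")
        body = {"sensorname": sensorname, "queue_ids": list(queue_ids)}
        return self.build_request("POST", f"{API_VERSION}/emailmgmt/quarantine/release", body=body)

    def send(self, req: PreparedRequest, timeout: float = 30) -> Dict[str, Any]:
        """Perform the request, honouring the Verify SSL and HTTP Proxy settings."""
        ctx = ssl.create_default_context()
        if not self.verify_ssl:  # only for lab appliances with self-signed certificates
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
        handlers: list = [urllib.request.HTTPSHandler(context=ctx)]
        if self.http_proxy:
            handlers.append(urllib.request.ProxyHandler({"https": self.http_proxy}))
        opener = urllib.request.build_opener(*handlers)
        raw = urllib.request.Request(req.url, data=req.body, headers=req.headers, method=req.method)
        with opener.open(raw, timeout=timeout) as resp:
            return shape_response(resp.status, resp.reason, dict(resp.headers), resp.read())


def shape_response(status: int, reason: str, headers: Dict[str, str], raw: bytes = b"") -> Dict[str, Any]:
    """Build the output shape the action tables document; JSON bodies are decoded when labelled as such."""
    out: Dict[str, Any] = {"status_code": status, "reason": reason, "response_headers": headers}
    if raw and headers.get("Content-Type", "").startswith("application/json"):
        out["json"] = json.loads(raw)
    return out


if __name__ == "__main__":
    client = FireEyeClient("https://fireeye.example.invalid", "analyst", "s3cret")  # constructed values
    print(client.acknowledge_alert("abc-123", "Reviewed in Turbine"))
    print(client.get_alerts(info_level="concise", duration="24_hours"))
```

Building the request as data before sending it lets a playbook author check exactly what the action would transmit (and that the password never appears in `repr()`) without touching an appliance; `send()` is the only method that performs network I/O.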