# FireEye
FireEye is a cybersecurity platform that provides advanced threat protection and threat intelligence. The FireEye connector for Swimlane Turbine integrates with FireEye security operations so that users can automate alert management, email quarantine actions, and threat intelligence retrieval. By integrating FireEye with Swimlane Turbine, security teams can improve their incident response, streamline threat analysis, and strengthen their overall security posture through automated workflows.

## Prerequisites

Before you can use the FireEye connector for Turbine, you need access to the FireEye API. The connector uses HTTP Basic authentication with the following parameters:

- **URL**: the endpoint URL for accessing the FireEye API
- **Username**: your FireEye account username
- **Password**: your FireEye account password

## Asset Configuration

This connector requires a username and a password to communicate with the FireEye appliances. It uses HTTP Basic authentication, which means the credentials are sent with every request. Keep **Verify SSL** enabled so that the password is only ever presented to an appliance whose certificate has been validated, and use a dedicated API account with the fewest privileges the workflows need rather than an analyst's personal login.

## Functionalities

The FireEye connector provides the following functionalities:

- **Acknowledge Alert**: acknowledges and records an alert for a potential security threat
- **Delete Quarantined Email**: removes an email from quarantine
- **Download Quarantined Email**: retrieves a quarantined email for further review or analysis
- **Get Alert Details**: returns detailed information about an alert to support incident response
- **Get Alerts**: retrieves alerts so that you stay informed of security issues
- **Get Artifact**: retrieves a specific artifact, such as a file or document, associated with a potential security issue
- **Get Artifact Metadata**: retrieves metadata about an artifact for additional context on a potential incident
- **Get Events**: retrieves event data for monitoring activity and potential security threats
- **Get Quarantined Emails**: lists quarantined emails for review and threat analysis
- **Get Report by ID**: retrieves a specific report by its identifier
- **Release Quarantined Email**: releases a quarantined email back into the mail flow

By leveraging the FireEye API, the connector offers a unified and efficient way to manage FireEye appliances and thereby helps maintain a robust security posture.

## Notes

- Authentication documentation: https://docs.trellix.com/bundle/api-ref/page/UUID-4ff666e7-f5d9-0687-aaa0-f716792959d7.html
- API documentation: https://docs.trellix.com/bundle/api-ref/page/UUID-b24af738-b712-2712-0724-ee6e9430175f.html

### Additional Documentation

- FireEye connector documentation: https://docs.swimlane.com/connectors/fireeye
- FireEye API documentation: https://docs.trellix.com/bundle/api-ref/page/UUID-4ff666e7-f5d9-0687-aaa0-f716792959d7.html

## Configurations

### HTTP Basic Authentication

Authenticates using a username and password.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | required |
| username | Username | string | required |
| password | Password | string | required |
| verify_ssl | Verify SSL certificate | boolean | optional |
| http_proxy | A proxy to route requests through | string | optional |

## Actions

All endpoint URLs below are relative to the configured `url`.

### Acknowledge Alert

Confirm review of an alert in FireEye to remove it from the web UI. Requires `uuid` as a path parameter and `annotation` as a query parameter.

Endpoint URL: `wsapis/v2.0.0/alerts/alert/{{uuid}}`
Method: POST

Input:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.uuid | string | required | Parameters for the Acknowledge Alert action |
| parameters.annotation | string | required | Parameters for the Acknowledge Alert action |
| parameters.alertType | string | optional | Parameters for the Acknowledge Alert action |
| headers | object | optional | HTTP headers for the request |
| headers.Accept | string | optional | HTTP headers for the request |

Input example:

```json
{"headers": {"Accept": "application/json"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

```json
{}
```

### Delete Quarantined Email

Delete an email from quarantine in FireEye using the queue IDs provided in the JSON body. Deletion is not reversible; download the message first if it may be needed as evidence.

Endpoint URL: `wsapis/v2.0.0/emailmgmt/quarantine/delete`
Method: POST

Input:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| headers | object | optional | HTTP headers for the request |
| headers.Accept | string | optional | HTTP headers for the request |
| json_body.queue_ids | array | optional | Unique identifiers of the quarantined messages |

Input example:

```json
{"headers": {"Accept": "application/json"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

```json
{}
```

### Download Quarantined Email

Download a quarantined email from FireEye using the specified queue ID as a path parameter.

Endpoint URL: `wsapis/v2.0.0/emailmgmt/quarantine/{{queue_id}}`
Method: GET

Input:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.queue_id | string | required | Parameters for the Download Quarantined Email action |
| headers | object | optional | HTTP headers for the request |
| headers.Accept | string | optional | HTTP headers for the request |

Input example:

```json
{"headers": {"Accept": "application/octet-stream"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| file | object | File |
| file.file_name | string | Name of the resource |
| file.file | string | Output field file.file |

Output example:

```json
{"file": {"file_name": "example_name", "file": "string"}}
```

### Get Alert Details

Retrieve detailed information for a specific alert in FireEye using the alert ID as a path parameter.

Endpoint URL: `wsapis/v2.0.0/alerts/alert/{{alert_id}}`
Method: GET

Input:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.alert_id | string | required | Parameters for the Get Alert Details action |
| headers | object | optional | HTTP headers for the request |
| headers.Accept | string | optional | HTTP headers for the request |

Input example:

```json
{"headers": {"Accept": "application/json"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

```json
{}
```

### Get Alerts

Retrieve alerts from FireEye to monitor and analyze potential security threats. All query parameters are optional filters.

Endpoint URL: `wsapis/v2.0.0/alerts`
Method: GET

Input:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.info_level | string | optional | Parameters for the Get Alerts action |
| parameters.malware_type | string | optional | Parameters for the Get Alerts action |
| parameters.file_type | string | optional | Parameters for the Get Alerts action |
| parameters.file_name | string | optional | Parameters for the Get Alerts action |
| parameters.start_time | string | optional | Parameters for the Get Alerts action |
| parameters.recipient_email | string | optional | Parameters for the Get Alerts action |
| parameters.src_ip | string | optional | Parameters for the Get Alerts action |
| parameters.url | string | optional | Parameters for the Get Alerts action |
| parameters.alert_id | string | optional | Parameters for the Get Alerts action |
| parameters.end_time | string | optional | Parameters for the Get Alerts action |
| parameters.sender_email | string | optional | Parameters for the Get Alerts action |
| parameters.callback_domain | string | optional | Parameters for the Get Alerts action |
| parameters.duration | string | optional | Parameters for the Get Alerts action |
| parameters.dst_ip | string | optional | Parameters for the Get Alerts action |
| parameters.malware_name | string | optional | Parameters for the Get Alerts action |
| parameters.md5 | string | optional | Parameters for the Get Alerts action |
| headers | object | optional | HTTP headers for the request |
| headers.Accept | string | optional | HTTP headers for the request |

Input example:

```json
{"headers": {"Accept": "application/json"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

```json
{}
```

### Get Artifact

Retrieve an artifact from FireEye using the specified alert ID as a path parameter.

Endpoint URL: `wsapis/v2.0.0/artifacts/{{alert_id}}`
Method: GET

Input:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.alert_id | string | required | Parameters for the Get Artifact action |
| headers | object | optional | HTTP headers for the request |
| headers.Accept | string | optional | HTTP headers for the request |

Input example:

```json
{"headers": {"Accept": "application/octet-stream"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| file | object | File |
| file.file_name | string | Name of the resource |
| file.file | string | Output field file.file |

Output example:

```json
{"file": {"file_name": "example_name", "file": "string"}}
```

### Get Artifacts Metadata

Get metadata of malware artifacts from FireEye using the UUID as a path parameter.

Endpoint URL: `wsapis/v2.0.0/artifacts/{{uuid}}/meta`
Method: GET

Input:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.uuid | string | required | Parameters for the Get Artifacts Metadata action |
| headers | object | optional | HTTP headers for the request |
| headers.Accept | string | optional | HTTP headers for the request |

Input example:

```json
{"headers": {"Accept": "application/json"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

```json
{}
```

### Get Events

Retrieve events from FireEye to analyze security incidents and threats.

Endpoint URL: `wsapis/v2.0.0/events`
Method: GET

Input:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.duration | string | optional | Parameters for the Get Events action |
| parameters.end_time | string | optional | Parameters for the Get Events action |
| parameters.mvx_correlated_only | string | optional | Parameters for the Get Events action |
| headers | object | optional | HTTP headers for the request |
| headers.Accept | string | optional | HTTP headers for the request |

Input example:

```json
{"headers": {"Accept": "application/json"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

```json
{}
```

### Get Quarantine Emails

Retrieve emails that have been quarantined in FireEye for further analysis and action.

Endpoint URL: `wsapis/v2.0.0/emailmgmt/quarantine`
Method: GET

Input:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.appliance_id | string | optional | Parameters for the Get Quarantine Emails action |
| parameters.subject | string | optional | Parameters for the Get Quarantine Emails action |
| parameters.from | string | optional | Parameters for the Get Quarantine Emails action |
| parameters.limit | string | optional | Parameters for the Get Quarantine Emails action |
| parameters.start_time | string | optional | Parameters for the Get Quarantine Emails action |
| parameters.end_time | string | optional | Parameters for the Get Quarantine Emails action |
| headers | object | optional | HTTP headers for the request |
| headers.Accept | string | optional | HTTP headers for the request |

Input example:

```json
{"headers": {"Accept": "application/json"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

```json
{}
```

### Get Report

Retrieve a detailed report from FireEye using the report type, infection ID, and infection type.

Endpoint URL: `wsapis/v1.2.0/reports/report`
Method: GET

Input:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.report_type | string | required | Parameters for the Get Report action |
| parameters.infection_id | string | required | Parameters for the Get Report action |
| parameters.infection_type | string | required | Parameters for the Get Report action |
| headers | object | optional | HTTP headers for the request |
| headers.Accept | string | optional | HTTP headers for the request |

Input example:

```json
{"headers": {"Accept": "application/json"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| file | object | File |
| file.file_name | string | Name of the resource |
| file.file | string | Output field file.file |

Output example:

```json
{"file": {"file_name": "example_name", "file": "string"}}
```

### Release Quarantined Email

Release quarantined emails from the specified queues in FireEye using the sensor name and queue IDs.

Endpoint URL: `wsapis/v2.0.0/emailmgmt/quarantine/release`
Method: POST

Input:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.sensorName | string | required | The sensor display name |
| headers | object | optional | HTTP headers for the request |
| headers.Accept | string | optional | HTTP headers for the request |
| json_body.queue_ids | array | optional | Unique identifiers of the quarantined messages |

Input example:

```json
{"parameters": {"sensorName": "blade1 vex3"}, "json_body": {"queue_ids": ["463jzf5n0hzshwd"]}, "headers": {"Accept": "application/json"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

```json
{}
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 01 Jan 2024 00:00:00 GMT |