Cribl FireEye HX/Trellix

Add the Cribl FireEye HX data connector.

Overview

In this guide, you’ll onboard the FireEye HX data connector via Cribl.

Prerequisites

This configuration requires FireEye HX alert and host data to be configured as a Source(s) in Cribl Streams.

Add the Cribl FireEye HX data connector

Log in to Radiant Security.
From the navigation menu, select Settings > Data Connector and click + Add Connector.
From the list of vendors, select Cribl Webhook and click Data Feeds.
From the list of data feeds, select Cribl FireEye HX and click Credentials.
Under Credential Name, give the credential an identifiable name.
Under Required Credentials, add the Webhook Auth Token. This can be any value defined by you, preferably something long and rotated periodically.
Click Add Connector to save the connector configuration.

Create webhook destination in Cribl Streams

Login to Cribl.
Navigate to Stream.
Use the top navigation to open Manage > Groups.
From the list of groups, click the group that has the FireEye HX data as a Source.
Use the top navigation to open Data > Destinations.
Filter the Destinations to find and click Webhook.
Click Add Destination.
Under General Settings, configure the following properties:
- Output ID: rs-cribl-fireeye-hx
- URL: https://api.app.blastradius.ai/connectors/cribl-hx/webhook/THE_TENANT_ID/THE_CONNECTOR_ID
Click Authentication and configure the following properties:
- Authentication type: Auth Token
- Token: the Webhook Auth Token configured in Radiant Security
Click Save to save the connector configuration.
Use the top navigation to open Routing > Data Routes.
Click Add Route.
Configure the route to send the FireEye HX data (Hosts and Alerts) to a Pipeline that outputs to the rs-cribl-fireeye-hx Destination.

We value your opinion. Did you find this article helpful? Share your thoughts by clicking here or reach to our Product and Customer Success teams at support@radiantsecurity.ai

Last updated: 2024-08-23