Endpoint Logs
      Back to home
      1. Radiant Help Center
      2. Getting Started
      3. Endpoint Logs

      Cribl FireEye HX/Trellix

      Add the Cribl FireEye HX data connector.

      Overview

      In this guide, you’ll onboard the FireEye HX data connector via Cribl.

      Prerequisites

      This configuration requires FireEye HX alert and host data to be configured as a Source(s) in Cribl Streams.

      Add the Cribl FireEye HX data connector

      1. Log in to Radiant Security.
      2. From the navigation menu, select Settings > Data Connector and click + Add Connector.
      3. From the list of vendors, select Cribl Webhook and click Data Feeds.
      4. From the list of data feeds, select Cribl FireEye HX and click Credentials.
      5. Under Credential Name, give the credential an identifiable name.
      6. Under Required Credentials, add the Webhook Auth Token. This can be any value defined by you, preferably something long and rotated periodically.
      7. Click Add Connector to save the connector configuration.
      		 Screenshot 2023-06-19 at 3.08.16 PM

      Create webhook destination in Cribl Streams

      1. Login to Cribl.
      2. Navigate to Stream.
      3. Use the top navigation to open Manage > Groups.
      4. From the list of groups, click the group that has the FireEye HX data as a Source.
      5. Use the top navigation to open Data > Destinations.
      6. Filter the Destinations to find and click Webhook.
      7. Click Add Destination.
      8. Under General Settings, configure the following properties:
        • Output ID: rs-cribl-fireeye-hx
        • URL: https://api.app.blastradius.ai/connectors/cribl-hx/webhook/THE_TENANT_ID/THE_CONNECTOR_ID
          Screenshot 2023-06-19 at 3.11.52 PM(1)
      9. Click Authentication and configure the following properties:
        • Authentication type: Auth Token
        • Token: the Webhook Auth Token configured in Radiant Security
          Screenshot 2023-06-19 at 3.12.15 PM
      10. Click Save to save the connector configuration.
      11. Use the top navigation to open Routing > Data Routes.
      12. Click Add Route.
      13. Configure the route to send the FireEye HX data (Hosts and Alerts) to a Pipeline that outputs to the rs-cribl-fireeye-hx Destination.

       

      We value your opinion. Did you find this article helpful? Share your thoughts by clicking here or reach to our Product and Customer Success teams at support@radiantsecurity.ai 

       

      Last updated: 2024-08-23