Cribl FireEye HX/Trellix

Add the Cribl FireEye HX data connector.

In this guide, you will configure the FireEye HX data connector using Cribl.

Prerequisites

Add the Cribl FireEye HX data connector

  1. Log in to Radiant Security.

  2. From the navigation menu, select Settings > Data Connector and click + Add Connector.

  3. Search for and select the Cribl FireEye HX option and then click Data Feeds.

  4. Under Select your data feeds, select Cribl FireEye HX and click Credentials.

  5. Under Credential Name, give the credential an identifiable name.

  6. Under Required Credentials, add the Webhook Auth Token. This can be any value defined by you, preferably something long and rotated periodically.

  7. Click Add Connector.

Create a webhook destination in Cribl Streams

  1. Login to Cribl.

  2. Navigate to Stream.

  3. Use the top navigation to open Manage > Groups.

  4. From the list of groups, click the group that has the FireEye HX data as a Source.

  5. Use the top navigation to open Data > Destinations.

  6. Filter the Destinations to find and click Webhook.

  7. Click Add Destination.

  8. Under General Settings, configure the following:

    • Output ID: rs-cribl-fireeye-hx

    • URL: https://api.app.blastradius.ai/connectors/cribl-hx/webhook/THE_TENANT_ID/THE_CONNECTOR_ID

  9. Click Authentication and configure the following properties:

    • Authentication type: Auth Token

    • Token: the Webhook Auth Token configured in Radiant Security

  10. Click Save to save the connector configuration.

  11. Use the top navigation to open Routing > Data Routes.

  12. Click Add Route.

  13. Configure the route to send the FireEye HX data (Hosts and Alerts) to a Pipeline that outputs to the rs-cribl-fireeye-hx Destination.

PreviousConfigure Amazon S3 to forward logs to Radiant SecurityNextCrowdStrike Falcon CSPM

Last updated