Ctrlk
ProductBook a demoOpen app
linkedinyoutube

FireEye HX

Connect FireEye HX (now Trellix Endpoint Security HX) to Radiant Security to forward alerts and host data through Cribl Stream for AI triage.

FireEye HX (now Trellix Endpoint Security HX) is an endpoint detection and response product that detects intrusions, malware, lateral movement, and credential theft on managed hosts. Connecting through Cribl Stream forwards FireEye HX alerts and host data to Radiant Security over a webhook. Radiant uses these alerts for AI triage, classifying and enriching each before it reaches an analyst.

Prerequisites

Add the data connector in Radiant Security

  1. Sign in to Radiant Security.

  2. From the navigation menu, select Settings > Data Connectors, then click + Add Connector.

  3. Search for and select FireEye HX, then click Data Feeds.

  4. Under Select your data feeds, select FireEye HX, then click Credentials.

  5. Under Credential Name, enter an identifiable name for this credential.

  6. Under Required Credentials, enter a Webhook Auth Token. Use a long, randomly generated value, and rotate it periodically.

  7. Click Add Connector.

  8. Open the newly created connector. Under Vendor Configuration, copy and save the Webhook URL. You will need it in the Create a webhook destination in Cribl Stream section.

Create a webhook destination in Cribl Stream

  1. Sign in to Cribl.

  2. Navigate to Stream.

  3. Use the top navigation to open Manage > Groups.

  4. From the list of groups, click the group that has the FireEye HX data as a Source.

  5. Use the top navigation to open Data > Destinations.

  6. Filter the Destinations and click Webhook.

  7. Click Add Destination.

  8. Under General Settings, configure the following:

    • Output ID: rs-cribl-fireeye-hx

    • URL: the Webhook URL copied from Radiant Security.

  9. Click Authentication and configure the following:

    • Authentication type: Auth Token

    • Token: the Webhook Auth Token configured in Radiant Security.

  10. Click Save.

  11. Use the top navigation to open Routing > Data Routes.

  12. Click Add Route.

  13. Configure the route to send FireEye HX data (Hosts and Alerts) to a Pipeline that outputs to the rs-cribl-fireeye-hx Destination. For details on configuring Routes and Pipelines, see the Cribl Stream Routing documentation.

Verify ingestion

After Cribl Stream begins forwarding, confirm events are reaching Radiant.

  1. In Radiant, navigate to Log Management.

  2. Filter by rs_connectorType:"cribl_webhook_hx".

  3. Confirm recent events appear.

Allow several minutes for events to be parsed, indexed, and available for search.

PreviousExecute Response Actions with KnowBe4NextForcepoint

Last updated

Was this helpful?