Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

FireEye Events Report

by Josef Weiss
August 5, 2014

Displaying a summary of FireEye events is easier than ever. This report provides an overview of collected events using SecurityCenter Continuous View (CV). The events collected from FireEye provide the analyst with many different methods to quickly respond to triggered alerts. This report is meant to enhance the FireEye Events Dashboard collection.

FireEye device alerts, such as infections, malware objects, malware callbacks, and more are aggregated and correlated by Tenable’s Log Correlation Engine (LCE). The importance of near-instant visibility is apparent as threats are pinpointed rapidly. The report contains chapters that provide a visual trend of event indications and results via trend graphs and tables containing normalized events, and actual raw log data.

SecurityCenter Continuous View (CV) provides a fully integrated view into the events collected from FireEye. Through advanced threat detections, SecurityCenter CV can enhance the capabilities of threat mitigation through preventative alerts. LCE correlates data from FireEye and other resources to provide accurate alerting and enhanced vulnerability detection.

The report is available in the SecurityCenter Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The report can be easily located in the SecurityCenter Feed under the category Threat Detection & Vulnerability Assessments. The report requirements are:

  • SecurityCenter 4.8.1
  • LCE 4.2.2
  • FireEye Appliance as log source

The reports data is displayed in three chapters covering 'Event Trends', 'Alerts', and 'Raw Event Details'

Event Trends

This chapter provides a 7-date trend of malware events and normalized event summary of the events collected during the same time period. The trend analysis allows the analyst to view spikes in FireEye alerts over the past week, and to correlate malware specific events against a total event count. The normalized trend data table displays trend data of FireEye events, the associated counts of events, and the name of the triggered events over the last 7 days.

Alerts

This chapter contains tables to present the analyst with a detailed listing of the last 7 days of FireEye Web Infection alerts, Domain Match Alerts, Malware Callback Alerts, and Malware Object Alerts. Displayed within the table is the time the event occurred, event name, source IP address, destination IP address, destination port, the reporting sensor, and the event type category, filtered on this particular FireEye alert. The reporting period is 7 days.

Raw Event Details

The chapter provides more complete details on every event by displaying the raw data of each log alert as it was sent to the Log Correlation Engine. In addition to the exact log data, the time stamp that the alert was received, the event type, and the sensor that reported the event is also presented to the analyst.

Try for Free Buy Now

Try Tenable.io

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,190.00

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 60 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578.00

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 60 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.