FireEye

 

The JSA DSM for FireEye accepts syslog events in Log Event Extended Format (LEEF) and Common Event Format (CEF).

This DSM applies to FireEye CMS, MPS, EX, AX, NX, FX, and HX appliances. JSA records all relevant notification alerts that are sent by FireEye appliances.

The following table identifies the specifications for the FireEye DSM.

Table 1: FireEye DSM Specifications

| Specification | Value |
| --- | --- |
| Manufacturer | FireEye |
| DSM name | FireEye MPS |
| Supported versions | CMS, MPS, EX, AX, NX, FX, and HX |
| RPM file name | DSM-FireEyeMPS-JSA_version-Build_number.noarch.rpm |
| Protocol | Syslog |
| JSA recorded event types | All relevant events |
| Auto discovered? | Yes |
| Includes identity? | No |
| More information | FireEye website (www.fireeye.com) |

To integrate FireEye with JSA, use the following procedures:

  1. If automatic updates are not enabled, download and install the DSM Common and FireEye MPS RPM on your JSA Console.

  2. For each instance of FireEye in your deployment, configure the FireEye system to forward events to JSA.

  3. For each instance of FireEye, create a FireEye log source on the JSA Console.
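
Before creating the log source, it helps to confirm that the forwarded syslog payloads really are LEEF or CEF, the two formats this DSM accepts. The following Python sketch is an added example, not code from Juniper or FireEye: the sample lines, the host name, and the `ExampleProduct` product name are constructed, and the header layouts follow the published CEF and LEEF specifications.

```python
import re

# Constructed sample payloads for illustration; not captured from an appliance.
CEF_SAMPLE = ("<134>Jan  1 00:00:00 fe-host CEF:0|FireEye|ExampleProduct|1.0|100|"
              "constructed alert|5|src=10.0.0.5 dst=192.0.2.10 msg=a\\=b c")
LEEF_SAMPLE = ("<134>Jan  1 00:00:00 fe-host LEEF:2.0|FireEye|ExampleProduct|1.0|100|x5E|"
               "src=10.0.0.5^dst=192.0.2.10^sev=5")

CEF_PAIR = re.compile(r"(\w+)=((?:\\.|[^\\=])*?)(?=\s+\w+=|\s*$)")

def split_unescaped(text, limit):
    """Split on '|' up to `limit` times, skipping backslash-escaped characters."""
    parts, cur, i = [], "", 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            cur, i = cur + text[i:i + 2], i + 2
            continue
        if text[i] == "|" and len(parts) < limit:
            parts.append(cur)
            cur = ""
        else:
            cur += text[i]
        i += 1
    return parts + [cur]

def unescape(value):
    return re.sub(r"\\([=|\\])", r"\1", value)

def parse_event(line):
    """Parse the LEEF or CEF payload of one syslog line; raise ValueError otherwise."""
    m = re.search(r"\b(CEF|LEEF):(?=\d)", line)
    if not m:
        raise ValueError("payload is neither LEEF nor CEF")
    fmt, body = m.group(1), line[m.end():]
    if fmt == "CEF":  # version|vendor|product|dev version|signature ID|name|severity|extension
        f = split_unescaped(body, 7)
        if len(f) != 8:
            raise ValueError("truncated CEF header")
        attrs = {k: unescape(v) for k, v in CEF_PAIR.findall(f[7])}
    else:  # version|vendor|product|version|event ID|[delimiter, LEEF 2.0 only]|attributes
        leef2 = body.startswith("2.")
        f = split_unescaped(body, 6 if leef2 else 5)
        if len(f) != (7 if leef2 else 6):
            raise ValueError("truncated LEEF header")
        delim = (f[5] if leef2 else "") or "\t"  # tab is the default delimiter
        hexd = re.fullmatch(r"(?:0x|x)([0-9A-Fa-f]{2,4})", delim)
        delim = chr(int(hexd.group(1), 16)) if hexd else delim
        attrs = dict(p.split("=", 1) for p in f[-1].split(delim) if "=" in p)
    return {"format": fmt, "vendor": unescape(f[1]), "product": unescape(f[2]),
            "event_id": f[4], "attrs": attrs}
```

A line that raises `ValueError` here arrived in neither accepted format, so check the forwarding format configured on the FireEye appliance before troubleshooting the log source.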