curiousecurity

Yet another blog about info & networking security this and that… Buzzword… Catchphrase…


FireEye Dashboards Replicated In Splunk

August 21, 2014 by ryanhorst

After installing the FireEye app for Splunk and having some issues with it, the app was uninstalled, which left a gap that needed to be filled. So off I went into Splunk land to see if I could scrounge together some decent "dashboard" worthy search queries that could help display important information. Below is a collection of the search queries I have built thus far. It is, by no means, an exhaustive list because anyone who knows Splunk easily knows that there are soooo many more ways to show …

Filed Under: Howto Article, Linux, Network Security, Threat Protection and Prevention Tagged With: FireEye, Splunk

FireEye Role Based Access Control (RBAC)

April 16, 2014 by ryanhorst 7 Comments

Regarding role based access control and Active Directory integration with FireEye back in FEOS versions 7.0.x (webmps), 6.3.2 (emailmps) and 6.4.1 (CMS), we only had the ability to map a single Active Directory group to a single FireEye "role". And most enterprises would probably have mapped that single group to the Admin role. Well..... Fast >> Forward >> to FEOS 7.1 "Shasta" where FireEye has merged the various code revisions for web/email/CMS into one single version, and we are …

Filed Under: Howto Article, Linux, Network Security, Threat Protection and Prevention Tagged With: Active Directory, FireEye, LDAP, RBAC

BlueCoat Proxy Splash Page For FireEye Integration

March 29, 2014 by ryanhorst

Hello again. If you are here, you are probably looking for some HowTo help on FireEye Integration With BlueCoat Proxy, or perhaps you have already completed that and are looking for a good splash page to use for FireEye blocks. Either way, I thank you for stopping by, and hope to be of some assistance if possible. When I started working on the integration it was actually fairly simplistic, in that the proxy is just using the FireEye output as an input for the Central Policy file, which we …

Filed Under: Network Security, Threat Protection and Prevention, Web Proxy Tagged With: BlueCoat, FireEye, ProxySG

FireEye Integration With BlueCoat Proxy

January 18, 2014 by ryanhorst

This tutorial will assist you in setting up FireEye Integration With BlueCoat Proxy, by using a URL list populated by FireEye to use in the BlueCoat as another web filter. This filter can then be used in BlueCoat policy just like the BCWF, McAfee Smartfilter, etc... …

Filed Under: Howto Article, Information Security, Linux, Network Security, Threat Protection and Prevention, Uncategorized, Web Proxy Tagged With: BlueCoat, FireEye, Integration, ProxySG