FireEye NX Network Security helps you detect and block attacks from the web. It protects against the entire spectrum of attacks, from relatively unsophisticated drive-by malware to highly targeted zero-day exploits. It achieves an extremely low false positive rate by using the FireEye Multi-Vector Virtual Execution (MVX) engine to confirm when malware calls out to command-and-control (C&C) servers.
Configuring syslog forwarding
- Log on to the FireEye NX web interface.
- Go to Settings > Notifications.
- Select the rsyslog check box to enable a syslog notification configuration.
- Enter a name in the "Name" field to label your FireEye connection to the Chronicle instance.
- Click the Add Rsyslog Server button.
- Enter the Chronicle forwarder IP address in the "IP Address" field.
- Select the "Enabled" check box.
- Select Per Event from the "Delivery" drop-down list.
- Select All Events from the "Notifications" drop-down list.
- Select CEF from the "Format" drop-down list.
- Leave the "Account" field empty.
- Select UDP from the "Protocol" drop-down list and use port number 11583.
- Click Update.
NOTE: Send syslog to the collector on a UDP or TCP port that is not used by any other log source (here, port 11583).
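The steps above configure the sending side only; as an added example (not code from FireEye or the Chronicle documentation), the Python script below binds the UDP port chosen in the "Protocol" step, parses each incoming CEF message as the CEF format specifies (seven pipe-delimited header fields, then key=value extensions with backslash escaping), and prints the result so you can confirm events arrive in the expected shape before relying on the forwarder. It assumes port 11583 is free on the collector host, and the embedded sample event is constructed, not a real NX capture.

```python
import re
import socket
import sys

_HEADER_SPLIT = re.compile(r'(?<!\\)\|')             # pipe not preceded by a backslash
_EXT_KEY = re.compile(r'(?:^|\s)([A-Za-z0-9_.]+)=')   # "key=" at start or after whitespace
_ESC = {'|': '|', '\\': '\\', '=': '=', 'r': '\r', 'n': '\n'}
_HEADER = ['vendor', 'product', 'product_version', 'signature_id', 'name', 'severity']

def _unescape(value: str) -> str:
    # Undo CEF escaping: a backslash before |, \, =, r or n (header uses \| and \\, extensions \= and \\).
    return re.sub(r'\\(.)', lambda m: _ESC.get(m.group(1), m.group(0)), value)

def parse_cef(line: str) -> dict:
    """Parse one CEF line (optionally syslog-wrapped); raises ValueError if it is not CEF:0."""
    if line.startswith('<'):                          # drop a syslog PRI such as "<13>"
        line = line.split('>', 1)[1]
    start = line.find('CEF:')
    if start < 0:
        raise ValueError('not a CEF message')
    parts = _HEADER_SPLIT.split(line[start:], maxsplit=7)
    if len(parts) != 8 or parts[0] != 'CEF:0':
        raise ValueError('malformed or unsupported CEF header')
    event = {'version': '0', **{k: _unescape(v) for k, v in zip(_HEADER, parts[1:7])}}
    ext, keys = parts[7], list(_EXT_KEY.finditer(parts[7]))
    event['extension'] = {}
    for i, m in enumerate(keys):                      # a value runs until the next "key="
        end = keys[i + 1].start() if i + 1 < len(keys) else len(ext)
        event['extension'][m.group(1)] = _unescape(ext[m.end():end].strip())
    return event

def listen(port: int = 11583) -> None:
    """Bind the forwarder port and print each parsed event (Ctrl-C to stop)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(('0.0.0.0', port))
        while True:
            data, (ip, _) = sock.recvfrom(65535)
            try:
                print(ip, parse_cef(data.decode('utf-8', 'replace')))
            except ValueError as exc:
                print(ip, 'rejected:', exc, file=sys.stderr)

# Constructed sample in the shape of an NX CEF event; every field value is made up.
SAMPLE = ('<13>CEF:0|FireEye|NX|x.y.z|MO|malware-object|8|'
          'rt=Jan 01 2024 00:00:00 UTC src=10.0.0.5 dst=198.51.100.7 '
          'fname=invoice\\=final.pdf cs1Label=sname cs1=Trojan.Generic')

if __name__ == '__main__':
    listen() if 'listen' in sys.argv[1:] else print(parse_cef(SAMPLE))
```

Run it with `listen` as the argument on the collector host while NX sends events; without arguments it only parses the constructed sample.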