The Enricher Module for FireEye Endpoint Security automatically submits MD5 data for a launched binary to FireEye’s intelligence to verify whether the binary launch was malicious. The verification result for the file is then added to the existing alert. If FireEye does not have any data about the file, an additional option is available to automatically submit the binary to your local AX product for an MVX analysis. After the MVX analysis completes, an OS change report is returned. If the file is malicious, a new alert labeled PRO appears in the Endpoint Security console. Enricher also provides additional validation for Real Time Indicator alerts: detected binaries can be automatically submitted to the AX product for further evaluation, and an OS change report is returned into the alert.
Because this is a tech preview module, the usual support SLAs don’t apply to it. You can also provide feedback to the module team through the email listed below.
You must install the Administration Module before any other modules. Please also contact your FireEye account Sales Engineer before installing.
Requirements: FireEye Endpoint Security Server 4.8+ and Agent 30+