FireEye Central Management

FireEye Central Management (CM Series) is the FireEye threat intelligence hub. It services the FireEye ecosystem, ensuring that FireEye products share the latest intelligence and correlate across attack vectors to detect and prevent cyber attacks.

Analytics & SIEM · FireEye Central Management

Configuration parameters

  • url — Your server URL (required)
  • credentials — Username (required)
  • isFetch — Fetch incidents
  • max_fetch — Max incidents to fetch
  • first_fetch — First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days, 3 months, 1 year)
  • incidentType — Incident type
  • info_level — Info level for fetched alerts
  • insecure — Trust any certificate (not secure)
  • proxy — Use system proxy settings

Commands (11)

  • fireeye-cm-alert-acknowledge

    Confirms that the alert has been reviewed.

  • fireeye-cm-delete-quarantined-emails

    Deletes quarantined emails. This is not available when Email Security is in Drop mode.

  • fireeye-cm-download-quarantined-emails

    Download quarantined emails.

  • fireeye-cm-get-alert-details

    Searches and retrieves the details of a single alert.

  • fireeye-cm-get-alerts

    Searches and retrieves FireEye CM alerts based on several filters.

  • fireeye-cm-get-artifacts-by-uuid

    Downloads malware artifacts data for the specified UUID as a zip file.

  • fireeye-cm-get-artifacts-metadata-by-uuid

    Gets artifacts metadata for the specified UUID.

  • fireeye-cm-get-events

    Retrieves information about existing IPS NX events. An IPS enabled appliance is a prerequisite to be able to retrieve IPS event data.

  • fireeye-cm-get-quarantined-emails

    Searches and retrieves quarantined emails.

  • fireeye-cm-get-reports

    Returns reports on selected alerts.

  • fireeye-cm-release-quarantined-emails

    Releases and deletes quarantined emails. This is not available when Email Security is in Drop mode.