FireEye Central Management
FireEye Central Management (CM Series) is the FireEye threat intelligence hub. It services the FireEye ecosystem, ensuring that FireEye products share the latest intelligence and correlate across attack vectors to detect and prevent cyber attacks.
Analytics & SIEM · FireEye Central Management
Configuration parameters
url— Your server URL (required)credentials— Username (required)isFetch— Fetch incidentsmax_fetch— Max incidents to fetchfirst_fetch— First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days, 3 months, 1 year)incidentType— Incident typeinfo_level— Info level for fetched alertsinsecure— Trust any certificate (not secure)proxy— Use system proxy settings
Commands (11)
-
fireeye-cm-alert-acknowledgeConfirms that the alert has been reviewed.
-
fireeye-cm-delete-quarantined-emailsDeletes quarantined emails. This is not available when Email Security is in Drop mode.
-
fireeye-cm-download-quarantined-emailsDownload quarantined emails.
-
fireeye-cm-get-alert-detailsSearches and retrieves the details of a single alert.
-
fireeye-cm-get-alertsSearches and retrieves FireEye CM alerts based on several filters.
-
fireeye-cm-get-artifacts-by-uuidDownloads malware artifacts data for the specified UUID as a zip file.
-
fireeye-cm-get-artifacts-metadata-by-uuidGets artifacts metadata for the specified UUID.
-
fireeye-cm-get-eventsRetrieves information about existing IPS NX events. An IPS enabled appliance is a prerequisite to be able to retrieve IPS event data.
-
fireeye-cm-get-quarantined-emailsSearches and retrieves quarantined emails.
-
fireeye-cm-get-reportsReturns reports on selected alerts.
-
fireeye-cm-release-quarantined-emailsReleases and deletes quarantined emails. This is not available when Email Security is in Drop mode.