FireEye EX

Last updated May 24, 2022

fireeye-ex-alerts

Fetch alerts from FireEye EX devices

fireeye-ex-alerts [duration=NUM{mon|w|d|h|m|s}] [from=yyyyMMddHHmmss] [to=yyyyMMddHHmmss]
duration=NUM{mon|w|d|h|m|s}
Limits the logs to a time range measured back from the current time. The unit can be s (seconds), m (minutes), h (hours), d (days) or mon (months). For example, 10s means the range from 10 seconds before the current time up to now.
from=yyyyMMddHHmmss
Start time of the range, in yyyyMMddHHmmss format. If the time part is omitted, it is padded with zeros.
to=yyyyMMddHHmmss
End time of the range, in yyyyMMddHHmmss format. If the time part is omitted, it is padded with zeros. Defaults to tomorrow at 00:00.
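The following is an added example, not code from this page or from the product it documents, showing how the duration=, from= and to= options above resolve into a concrete query window: duration counts back from the current time, partial timestamps are zero-padded, and a missing to= defaults to tomorrow 00:00. The calendar-month stepping for mon, and from= taking precedence when both duration= and from= are given, are assumptions not stated on the page.

```python
import calendar
import re
from datetime import datetime, timedelta

# Units accepted by the duration= option, as listed in the usage line.
_UNIT_RE = re.compile(r"^(\d+)(mon|w|d|h|m|s)$")

def _minus_months(t: datetime, n: int) -> datetime:
    """Step back n calendar months, clamping the day to the target month's length (assumed semantics)."""
    idx = t.year * 12 + (t.month - 1) - n
    year, month = divmod(idx, 12)
    month += 1
    day = min(t.day, calendar.monthrange(year, month)[1])
    return t.replace(year=year, month=month, day=day)

def parse_duration_start(value: str, now: datetime) -> datetime:
    """Start of the window for duration=NUM{mon|w|d|h|m|s}: now minus the given span."""
    m = _UNIT_RE.match(value)
    if not m:
        raise ValueError(f"bad duration: {value!r}")
    num, unit = int(m.group(1)), m.group(2)
    if unit == "mon":
        return _minus_months(now, num)
    seconds = {"w": 604800, "d": 86400, "h": 3600, "m": 60, "s": 1}[unit]
    return now - timedelta(seconds=num * seconds)

def parse_timestamp(value: str) -> datetime:
    """yyyyMMddHHmmss; an omitted time part is padded with zeros (e.g. 20220524 -> 20220524000000)."""
    if not value.isdigit() or not 8 <= len(value) <= 14:
        raise ValueError(f"bad timestamp: {value!r}")
    return datetime.strptime(value.ljust(14, "0"), "%Y%m%d%H%M%S")

def resolve_range(options: dict, now: datetime) -> tuple:
    """Resolve duration/from/to options into a (start, end) window.

    start is None when neither duration= nor from= is given (the page documents no default start).
    Assumption: an explicit from= overrides a duration= given alongside it.
    """
    start = None
    if "duration" in options:
        start = parse_duration_start(options["duration"], now)
    if "from" in options:
        start = parse_timestamp(options["from"])
    if "to" in options:
        end = parse_timestamp(options["to"])
    else:
        # Documented default: tomorrow 00:00
        end = (now + timedelta(days=1)).replace(hour=0, minute=0, second=0, microsecond=0)
    return start, end
```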

Output Fields

| Field | Type | Name | Description |
|---|---|---|---|
| _time | DateTime | | |
| profile | String | Connect profile | Identifier of FireEye EX connect profile |
| id | Integer | ID | |
| inf_id | Integer | Infection ID | |
| type | String | Type | e.g. Malware Object |
| signature | String | Signature | e.g. InfoStealer.MSIL.AGENTTESLA.MVX |
| file_type | String | File type | e.g. rar, url, email |
| file_name | String | File name | e.g. INV-KAX 210816001.arj |
| severity | Integer | Severity | |
| mail_from | String | Sender address | |
| mail_to | String | Recipient address | |
| url | String | URL | |
| email_status | String | Email status | e.g. Quarantined, Missed |
| md5 | String | MD5 | |
| sha256 | String | SHA256 | |
| download_path | String | Download path | |
| campaign_id | Integer | Campaign ID | |
| campaign_name | String | Campaign name | |
| campaign_size | Integer | Campaign size | |
| campaign_status | Integer | Campaign status | |
| url_click_blocked_badge | Bool | URL click blocked badge | |
| url_click_missed_badge | Bool | URL click missed badge | |
| threat_info_badge | Bool | Threat info badge | |
| https_alert_badge | Bool | HTTPS alert badge | |
| erspan_badge | Bool | ERSPAN badge | |
| icap_badge | Bool | ICAP badge | |
| retroactive_badge | Bool | Retroactive badge | |
| vxlan_badge | Bool | VXLAN badge | |
| sv_correlated_badge | Bool | SV correlated badge | |