fireeye-ex-bot-commands
Fetch bot commands of specified alert from FireEye EX devices
fireeye-ex-bot-commands profile=PROFILE guid=GUID
- profile=PROFILE
- FireEye EX profile
- guid=GUID
- EX Alert UUID
Output Fields
| Field | Type | Name | Description |
|---|---|---|---|
| _time | Date | Time | |
| profile | String | Connect profile | Identifier of FireEye EX connect profile |
| domain | String | Domain | |
| dst_port | Integer | Service port | e.g. 53, 80 |
| signature | String | Signature | e.g. Malware.Binary.xlsx |
| direction | String | Direction | e.g. GET, POST |
| command | String | Command | e.g. /fqiq/ HTTP/1.1 |
| user_agent | String | User agent | e.g. Mozilla/4.0 |
| raw | String | Raw data |