FireEye FX

Download 33
Last updated Jun 26, 2022

fireeye-fx-alerts

Fetch alerts from FireEye FX devices

fireeye-fx-alerts [duration=NUM{mon|w|d|h|m|s}] [from=yyyyMMddHHmmss] [to=yyyyMMddHHmmss]
duration=NUM{mon|w|d|h|m|s}
Scan only recent data. You should use s(second), m(minute), h(hour), d(day), mon(month) time unit. For example, 10s means data from 10 seconds earlier.
from=yyyyMMddHHmmss
Start time of range. yyyyMMddHHmmss format. If you omit time part, it will be padded by zero.
to=yyyyMMddHHmmss
End time of range. yyyyMMddHHmmss format. If you omit time part, it will be padded by zero. Tomorrow 00:00 by default.

Output Fields

FieldTypeNameDescription
_timeDateAlert time
profileStringConnect profileIdentifier of FireEye FX connect profile
idIntegerAlert ID
typeStringTypee.g. Malware Object
signatureStringSignaturee.g. Trojan.Win32.Tiggre.FEC3
file_typeStringFile typee.g. zip
scan_nameStringScan name
urlStringURL
statusStringStatuse.g. Success, Duplicate
md5StringMD5
sha256StringSHA256
submitted_atDateSubmitted time
started_atDateStarted time
completed_atDateCompleted time
parentBoolParent or not
threat_info_badgeBoolThreat info badge
malicious_alertsBoolMalicious alertAnalyze digital sign, entropy, packer, API hooking, and so on
os_change_graphBoolOS change graph
os_change_tableBoolOS change table
pe_viewBoolPE view
obj_hashBoolObject hashInclude crc32, md5, sha1, sha256, ssdeep
hex_viewBoolHex view
mitre_viewBoolMITRE viewInclude MITRE attack TTP mappings
download_pathStringDownload pathXML report download path
guidStringAlert GUID