Malicious submissions detected in the last 24 hours-fireeye-wMPS
Vendor: fireeye
OS: wMPS
Description:
Indeni checks whether the total number of malicious submissions in the last 24 hours is greater than 0.
Remediation Steps:
Malicious submissions detected in the last 24 hours. Users are advised to further investigate into the details for any potential security incidents.
How does this work?
Indeni uses the FireEye NX “show workorders stats” cli command to retrieve the workorders information.
Why is this important?
Workorders statistics display information about workorders that are in the queue waiting to be analyzed, those currently in process, and cumulative submission statistics. It is critical to identify any submission with an anomaly: if the total number of submissions with anomalies is greater than 0, it can indicate a possible security incident.
Without Indeni how would you find this?
An administrator could log in and manually run the command via the CLI to check the workorders statistics.
fireeye-nx-show-workorders-stats
name: fireeye-nx-show-workorders-stats
description: Show workorders statistics information
type: monitoring
monitoring_interval: 5 minute
requires:
    vendor: fireeye
    os.name: wMPS
    privileged-mode: 'true'
comments:
    fireeye-nx-workorders-submissions-with-anomaly:
        why: |
            Workorders statistics display information about workorders that are in the queue waiting to be analyzed, those currently in process, and cumulative submission statistics.
            It is critical to identify any submission with an anomaly: if the total number of submissions with anomalies is greater than 0, it can indicate a possible security incident.
        how: |
            Indeni uses the FireEye NX "show workorders stats" CLI command to retrieve the workorders information.
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: SSH
        command: show workorders stats
    parse:
        type: AWK
        file: show-workorders-stats.parser.1.awk
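The interrogation script above hands the command output to an AWK parser, and the rule then alerts when the 24-hour malicious count is above zero. The following is an added example, not Indeni's parser or rule code: a POSIX shell/awk check that mirrors that logic on a constructed sample. The page does not show the real output format of "show workorders stats", so the field names in the sample and the regex are assumptions; the one deliberate addition is a distinct exit code for a parse failure, so a changed output format is not silently reported as "no malicious submissions".

```shell
#!/bin/sh
# Constructed sample of "show workorders stats" output. The real device output
# format is not shown on the page; these field names are assumptions.
SAMPLE_STATS='Workorders queued:                        4
Workorders in process:                    2
Total submissions (cumulative):       18234
Malicious submissions (last 24 hours):    3'

# Second constructed sample with no malicious submissions in the window.
CLEAN_STATS='Workorders queued:                        0
Workorders in process:                    1
Total submissions (cumulative):       18240
Malicious submissions (last 24 hours):    0'

# Extract the 24-hour malicious count with awk (the parser type the script uses).
# Prints the number, or "unknown" when the expected line is absent.
malicious_24h() {
    printf '%s\n' "$1" | awk '
        /^Malicious submissions \(last 24 hours\):/ { found = 1; print $NF }
        END { if (!found) print "unknown" }'
}

# Evaluate the rule: alert when the count is greater than 0.
# Exit codes: 0 = no issue, 1 = alert, 2 = output could not be parsed
# (a parser problem to investigate, not evidence of a clean device).
evaluate_rule() {
    count=$(malicious_24h "$1")
    case "$count" in
        ''|*[!0-9]*)
            echo "PARSE-ERROR: malicious submission count not found in output"
            return 2 ;;
    esac
    if [ "$count" -gt 0 ]; then
        echo "ALERT: $count malicious submissions detected in the last 24 hours"
        return 1
    fi
    echo "OK: no malicious submissions in the last 24 hours"
    return 0
}
```

Call `evaluate_rule "$SAMPLE_STATS"` (or pipe real output into a variable) and branch on the exit code; treating exit code 2 separately is what keeps a parser regression visible.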
FireEyeNXWOMalwareDetectedRule
Rule source: https://bitbucket.org/indeni/indeni-knowledge/src/master/rules/templatebased/fireeye/nx/FireEyeNXWOMalwareDetectedRule.scala