Number of malicious objects detected is increasing-fireeye-wMPS

Vendor: fireeye

OS: wMPS

Description:
Indeni will alert if the number of malicious objects detected by the NX appliance is higher than it was in the previous sample, i.e. the counter is increasing.

Remediation Steps:
Users are advised to investigate the malicious objects identified for any potential security breach.

How does this work?
Indeni runs the FireEye NX "show object-analysis" CLI command over SSH and parses its output to retrieve the malicious object count.

Why is this important?
Object analysis statistics report malicious object counts for the Web traffic that the NX Series appliance monitors on the network. It is important to track the number of malicious objects the NX appliance identifies: a rising count means the appliance is seeing new malicious content on the monitored segment, which is an early indicator of suspicious activity that warrants further investigation.

Without Indeni how would you find this?
An administrator could log in and run the command manually via the CLI, or check the same information via the GUI.

fireeye-nx-show-object-analysis

name: fireeye-nx-show-object-analysis
description: Fetch Malicious object analysis information
type: monitoring
monitoring_interval: 5 minute
requires:
    vendor: fireeye
    os.name: wMPS
    privileged-mode: 'true'
comments:
    fireeye-nx-malicious-objects:
        why: |
            Object analysis statistics report malicious object counts for the Web traffic that the NX Series appliance monitors on the network.
            It is important to track the number of malicious objects the NX appliance identifies, since a rising count is an early indicator of suspicious activity.
        how: |
            Indeni runs the FireEye NX "show object-analysis" CLI command over SSH and parses its output to retrieve the malicious object count.
        without-indeni: |
            An administrator could log in and run the command manually via the CLI, or check the same information via the GUI.
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: SSH
        command: show object-analysis
    parse:
        type: AWK
        file: show-object-analysis.parser.1.awk

FireEyeNxMaliciousObjectsRule

// Deprecation warning : Scala template-based rules are deprecated. Please use YAML format rules instead.

package templatebased.fireeye.nx

import com.indeni.server.rules.library.templates.CounterIncreaseTemplateRule

/**
  * Alerts when the "fireeye-nx-malicious-objects" counter collected by the
  * fireeye-nx-show-object-analysis interrogation script is higher than it was
  * in the previous sample. Built on CounterIncreaseTemplateRule, which compares
  * each new sample of a counter metric against the previous one.
  */

case class FireEyeNxMaliciousObjectsRule() extends CounterIncreaseTemplateRule(
  ruleName = "FireEyeNxMaliciousObjectsRule",
  ruleFriendlyName = "FireEye NX: Number of malicious objects detected is increasing",
  ruleDescription = "Indeni will alert if number of malicious objects detected is increasing.",
  metricName = "fireeye-nx-malicious-objects",
  applicableMetricTag = "name",
  alertDescription = "Number of malicious objects detected is increasing.",
  alertRemediationSteps = "Users are advised to investigate the malicious objects identified for any potential security breach",
  alertItemsHeader = "Details"
)()
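Neither the AWK parser referenced by the interrogation script (show-object-analysis.parser.1.awk) nor the CounterIncreaseTemplateRule implementation is shown on this page. The following Python block is an added example, not Indeni's or FireEye's code, illustrating both the "How does this work?" parse step and the counter-increase rule above. It parses a constructed, hypothetical "show object-analysis"-style output (the real appliance output format is not reproduced on this page, so the "label : value" layout is an assumption used only to exercise the parser) into the fireeye-nx-malicious-objects metric, then applies counter-increase semantics across successive samples, including the counter-reset case (for example after an appliance reboot), which re-baselines without alerting.

```python
import re
from typing import Dict, List, Optional

# Constructed sample output modelled on "label : value" CLI statistics.
# ASSUMPTION: the real "show object-analysis" output format is not shown on
# the page; this layout exists only to exercise the parser below.
SAMPLE_T0 = """\
Object Analysis Statistics
  Total objects analyzed   : 18342
  Malicious objects        : 7
  Benign objects           : 18335
"""

SAMPLE_T1 = """\
Object Analysis Statistics
  Total objects analyzed   : 18590
  Malicious objects        : 9
  Benign objects           : 18581
"""

# One "label : integer" statistic per line; any other line is ignored.
STAT_LINE = re.compile(r"^\s*(?P<key>[A-Za-z][A-Za-z ]*?)\s*:\s*(?P<value>\d+)\s*$")

METRIC_NAME = "fireeye-nx-malicious-objects"


def parse_object_analysis(output: str) -> Dict[str, int]:
    """Turn the CLI output into {normalized-label: integer}; this is the role
    the AWK parser plays in the interrogation script."""
    metrics: Dict[str, int] = {}
    for line in output.splitlines():
        m = STAT_LINE.match(line)
        if m:
            key = m.group("key").strip().lower().replace(" ", "-")
            metrics[key] = int(m.group("value"))
    return metrics


def malicious_objects(output: str) -> Optional[int]:
    """Extract only the counter the rule watches; None if it is absent."""
    return parse_object_analysis(output).get("malicious-objects")


class CounterIncreaseRule:
    """Counter-increase semantics: alert when the latest sample is higher than
    the previous sample of the same metric. A lower value (counter reset, e.g.
    after an appliance reboot) only re-baselines and never alerts; a missing
    sample leaves the baseline untouched."""

    def __init__(self, metric_name: str) -> None:
        self.metric_name = metric_name
        self.previous: Optional[int] = None

    def observe(self, value: Optional[int]) -> Optional[dict]:
        if value is None:
            return None
        previous, self.previous = self.previous, value
        if previous is None or value <= previous:
            return None
        return {
            "metric": self.metric_name,
            "previous": previous,
            "current": value,
            "delta": value - previous,
            "description": "Number of malicious objects detected is increasing.",
        }


def evaluate_samples(metric_name: str, outputs: List[str]) -> List[dict]:
    """Feed successive CLI outputs (one per monitoring interval) through the
    rule and return the alerts it would raise, in order."""
    rule = CounterIncreaseRule(metric_name)
    alerts: List[dict] = []
    for output in outputs:
        alert = rule.observe(malicious_objects(output))
        if alert:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for alert in evaluate_samples(METRIC_NAME, [SAMPLE_T0, SAMPLE_T1]):
        print(f"{alert['metric']}: {alert['previous']} -> {alert['current']} "
              f"(+{alert['delta']}): {alert['description']}")
```

Because the rule compares only consecutive samples, a single alert fires per interval in which the counter rose; a counter that drops (reset) and then climbs again alerts on the climb, not on the drop. Any real deployment of this idea should key the baseline per appliance (the Scala rule above uses the "name" metric tag for that), since mixing samples from different devices would produce spurious increases.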