Number of malicious objects detected is increasing-fireeye-wMPS
Vendor: fireeye
OS: wMPS
Description:
Indeni will alert if the number of malicious objects detected is increasing.
Remediation Steps:
Users are advised to investigate the identified malicious objects further for any potential security breach.
How does this work?
Indeni uses the FireEye NX "show object-analysis" CLI command to retrieve the malicious object information.
Why is this important?
Object analysis statistics display the malicious object counts for the Web traffic that the NX Series appliance monitors in the network. It is important to monitor the number of malicious objects identified by the NX appliance, to help further in the detection of suspicious activity.
Without Indeni how would you find this?
An administrator could log in and manually run the command via the CLI, or check the object analysis information via the GUI.
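The following is an added example, not Indeni's own parser or rule code, showing the two pieces the description above combines: parsing a "malicious objects" counter out of CLI output, and the "is increasing" decision made across successive polls. The CLI output format used here is constructed for the example; the real FireEye NX output may differ, and the real Indeni parser is the AWK file named in the script on this page. The function names (parse_object_analysis, evaluate, run_polls) are likewise this example's own. It also covers two cases the one-line rule description leaves implicit: the first poll (no baseline yet) and a counter that goes down (statistics cleared or appliance restarted), which must re-baseline rather than silently suppress the next real increase.

```python
"""Added example (not Indeni's code): parse a 'show object-analysis'-style
counter and decide whether the "malicious objects" count is increasing.

Assumptions (hypothetical): the sample output below is constructed for this
example and modelled as "label : value" lines; the real FireEye NX output and
Indeni's AWK parser may use a different layout.
"""
import re
from typing import Dict, List, Optional

# Constructed sample output for two successive 5-minute polls (hypothetical format).
SAMPLE_T0 = """\
Object Analysis Statistics
--------------------------
Objects analyzed        : 18342
Malicious objects       : 27
Benign objects          : 18315
"""

SAMPLE_T1 = """\
Object Analysis Statistics
--------------------------
Objects analyzed        : 18901
Malicious objects       : 31
Benign objects          : 18870
"""

# One "label : integer" line; the lazy key group stops before the padding spaces.
LINE_RE = re.compile(r"^\s*(?P<key>[A-Za-z][A-Za-z ]*?)\s*:\s*(?P<val>\d+)\s*$")


def parse_object_analysis(text: str) -> Dict[str, int]:
    """Return {normalized_key: int} for every 'label : integer' line.

    Keys are lower-cased with spaces collapsed to underscores, so
    'Malicious objects' becomes 'malicious_objects'. Lines that do not
    match (headers, separators) are skipped rather than raising.
    """
    counters: Dict[str, int] = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        key = "_".join(m.group("key").lower().split())
        counters[key] = int(m.group("val"))
    return counters


def malicious_count(text: str) -> Optional[int]:
    """The metric the rule watches, or None if the counter is absent."""
    return parse_object_analysis(text).get("malicious_objects")


def evaluate(previous: Optional[int], current: Optional[int]) -> dict:
    """Rule logic: alert only when the count went up since the last poll.

    - current missing (parse failure): no alert, keep the old baseline.
    - no previous sample (first poll): no alert, establish the baseline.
    - current < previous: counter reset (stats cleared / restart), re-baseline.
    - current > previous: alert, reporting the delta (newly detected objects).
    """
    if current is None:
        return {"alert": False, "reason": "no malicious-object counter in output", "baseline": previous}
    if previous is None:
        return {"alert": False, "reason": "first sample, establishing baseline", "baseline": current}
    if current < previous:
        return {"alert": False, "reason": "counter decreased (reset?), re-baselining", "baseline": current}
    if current == previous:
        return {"alert": False, "reason": "no change", "baseline": current}
    delta = current - previous
    return {"alert": True, "reason": f"{delta} new malicious object(s) since last poll",
            "baseline": current, "delta": delta}


def run_polls(samples: List[str]) -> List[dict]:
    """Feed successive CLI outputs through the rule, carrying the baseline forward."""
    baseline: Optional[int] = None
    results = []
    for text in samples:
        result = evaluate(baseline, malicious_count(text))
        baseline = result["baseline"]
        results.append(result)
    return results


if __name__ == "__main__":
    for r in run_polls([SAMPLE_T0, SAMPLE_T1, SAMPLE_T1]):
        print(r)
```

Note that the decision is made on the delta between two polls, so the alert fires once per increase and stays quiet while the count is flat; a counter that drops is treated as a reset and becomes the new baseline so that the next genuine increase is not masked.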
fireeye-nx-show-object-analysis
name: fireeye-nx-show-object-analysis
description: Fetch malicious object analysis information
type: monitoring
monitoring_interval: 5 minute
requires:
    vendor: fireeye
    os.name: wMPS
    privileged-mode: 'true'
comments:
    fireeye-nx-malicious-objects:
        why: |
            Object analysis statistics display the malicious object counts for the Web traffic that the NX Series appliance monitors in the network.
            It is important to monitor the number of malicious objects identified by the NX appliance, to help further in the detection of suspicious activity.
        how: |
            Indeni uses the FireEye NX "show object-analysis" CLI command to retrieve the malicious object information.
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: SSH
        command: show object-analysis
    parse:
        type: AWK
        file: show-object-analysis.parser.1.awk
FireEyeNxMaliciousObjectsRule
Source: https://bitbucket.org/indeni/indeni-knowledge/src/master/rules/templatebased/fireeye/nx/FireEyeNxMaliciousObjectsRule.scala