Security Content Updates configuration is in bad state-fireeye-wMPS
Vendor: fireeye
OS: wMPS
Description:
Indeni will alert if Security Content Updates is not enabled or updates are not downloaded and installed.
Remediation Steps:
Users are advised to ensure Security Content Updates is enabled and updates are downloaded and installed on the FireEye NX device.
How does this work?
Indeni uses the FireEye NX CLI command “show fenet security-content status” to retrieve the information and alerts the user if the update is not set to enabled.
Why is this important?
It is important to ensure that the security content update is enabled and the downloaded updates are installed on the FireEye NX device.
Without Indeni how would you find this?
The user has to manually log in to the device’s CLI or web interface and check the update status.
fireeye-nx-show-fenet-security-content-status
name: fireeye-nx-show-fenet-security-content-status
description: Fetch security content status update information
type: monitoring
monitoring_interval: 5 minute
requires:
    vendor: fireeye
    os.name: wMPS
    privileged-mode: 'true'
comments:
    fireeye-nx-content-update-status:
        why: |
            It is important to ensure that the security content update is enabled and the downloaded updates are installed on the FireEye NX device.
        how: |
            Indeni uses the FireEye NX cli "show fenet security-content status" command to retrieve the information and alerts the user if the update is not set to enabled.
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: SSH
        command: show fenet security-content status
    parse:
        type: AWK
        file: show-fenet-security-content-status.parser.1.awk
FireEyeNXSecurityContentStatusRule