FireEye EX Connector

ThreatQuotient

Overview

The FireEye EX connector integrates ThreatQ with a FireEye EX appliance. It is a bidirectional integration that is used for:

1) uploading YARA rules from a saved search in ThreatQ to FireEye, and

2) searching in FireEye EX for alerts and creating events from those alerts in ThreatQ, including any indicators that have been found in the alerts.

The connector runs a saved search in ThreatQ, parses the YARA rules from the search results, and sends each rule to FireEye EX. If the customer has enabled it, the connector also searches FireEye EX for email alerts and adds any it finds to ThreatQ as events. Any indicators in the alerts are also added to ThreatQ and related to the event.