FireEye Default Settings
Following are the additional configuration settings after you complete the installation.
Once you complete the installation, you can find FireEye Default Settings module in the left navigation. It contains default settings for different FireEye functionalities.
Additional Configurations
Following are the additional configuration settings:
- : This approval is specifically for the Isolate Host, Remove Host
Isolation, and Get File capabilities when they are triggered directly from the Related
list, and in the absence of profiles for them. If there is/(are) (an) existing
profile(s) for these capabilities, then the approval configuration in the profile will
be honored.
- When you enable Require Approval, the Approvers field is available on the form.
- : List of approver groups. After you submit a request, approval is required from the group to complete the request.
- : Enabling this check box will provide list of fields available to pass an alternate CI to the capability. By default, the integration uses the Configuration Item (CI) field on the Security incident. This configuration is applicable only for the “Run Additional Actions on Endpoint” capability. So, use this configuration to define an alternate CI input field for the “Run Additional Actions on Endpoint” capability only. For the other capabilities use the configuration in the profile section. If the profiles do not define an alternate CI, then the capabilities would pick the CI field from the Security Incident form.
- : By default, IP and Host Name will be used to get the Agent ID. If only one of them is to be used set the input field to either IP or Host Name.
- :
- The Enrichment, Isolate Host and Remove Host Isolation capabilities will fail if no response is rendered in the set time.
- The Run Additional Actions on End point capability will fail if no response is rendered in the set time.
- The Get File capability will fail if no response is rendered in the set time.
- The Search will be stopped after the set time.