Installation of FireEye HX(currently Trellix HX)

Endpoint detection and response (EDR) is a type of cybersecurity solution that helps organizations detect and respond to advanced threats. EDR solutions typically combine real-time monitoring of endpoints with historical data analysis to identify and prevent attacks.

FireEye is a one of the most leading provider of EDR solutions. The company’s FireEye HX platform is a comprehensive solution that helps organizations detect, prevent, and respond to advanced threats.

EDR is a critical part of any organization’s cybersecurity strategy. It can help organizations detect and prevent attacks that would otherwise go undetected, and it can help organizations respond to attacks more quickly and effectively.

FireEye HX is a powerful EDR solution that can help organizations of all sizes protect their endpoints from advanced threats. It offers a comprehensive set of features that can help organizations detect, prevent, and respond to attacks.

If you are looking for an EDR solution, FireEye HX is a great option to consider. It offers a comprehensive set of features that can help you protect your endpoints from advanced threats.

Let’s install HX together.

1- First you need to get the HX image from the manufacturer.

2- Then, let’s start deploying the image we received from the manufacturer to our virtualization platform.

Right Click > Deploy OVF Template

3- Local File > Upload Files

4- One of the most important steps is the Password we give here for the Admin user.

5- After the image is deployed, we start the device. Then, when the device is turned on, we can enter the admin user for login and the password we gave during the step 4, and proceed to the initial configuration steps.

6- In the following steps;

Step1: Enter the activation code that came to you from the manufacturer.
Step2: Enter the Hostname you want to give to the device.
Step3: Whether you want to change the admin password or not.
Step4: Whether you want to grant remote access authorization for the Admin User.
Step5: Use DHCP for the Ether1 interface? (If you use this, the connection will be broken because it will get a new IP address.)
Step6: Whether you want to use zeroconf on Ether1. (It is not preferred by enterprise level institutions.)
Step7: IP address. <IP Address>/<Netmask>
Step8:DGW address
Step9: Primary DNS address (secondary DNS can be added later if desired)
Step10: Enter Domain name.
Step11: Whether we want to turn on Fenet services. (With Fenet-FireEye Network services, the device can go to the cloud and pull the necessary content.)
Step12: In order for fetching licenses from Fenet.
Step13: If NTP will be used, this service must be turned on.
Step14: If you want to be configured with IPv6.
Step15: The field where the licenses of the product will be entered. (If the device could not communicate with the cloud during installation, licenses can be entered manually.)
Step16: The question of whether the HX device should send a request to the FireEye CMS (Common panel where all FE devices are managed) device to manage itself.

7- After these steps are finished, it asks us if we want to make changes in any step.

8-Then we can enter the web interface using the 3000 port in the form of https://<IP address>:3000 over the browser.

9- Let’s go to Agent Default Policy from Admin > Policies tab to download our first agent and test whether it communicates with the server.

9- In the Server Address section, we add the management IP address to which the agents will communicate.

Then we mark the Enable Provisioning and Primary Server sections. Thus, the agents will see the relevant IP address as the primary server and register themselves there.

10- Ajanımınızı indirmek için Admin > Agent Versions sekmesine gidip deploy etmeye karar verdiğimiz versiyonlu ajanı indirip kurulumunug gerçekleştiriyoruz.

11- Let’s create our test alarm to test the Agent-Server communication. For this, it is sufficient to create a file named feyeqatest.exe in any location and save it.

Then we can see the alert on the HX,

So we installed HX and tested agent communication. In my next articles, I intend to explain how host groups are created, how policies are created and how these host groups and policies are matched, and then I will talk about the basic components of HX. Stay tuned.


Posted

in

by

Tags:

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *