EXPLORE KEY FEATURES
DASHBOARD
FireEye Helix helps security operations analysts work more efficiently and effectively by detecting and prioritizing threats.
The Summary Dashboard provides a quick overview of what’s happening inside your environment:
- New alerts
- Open cases
- Events by data source
DASHBOARD MENU
The drop-down box reveals other Dashboards you can use throughout your security operations. These can be reused or customized depending on what’s most important to you.
Helix also comes with pre-built sample templates to help you get started.
EVENT CLASSES
Scrolling down to the bottom of the Summary Dashboard reveals the Event Classes. Helix is designed to provide analysts with a consolidated view of all security events across the organization, from both FireEye and non-FireEye solutions.
ALERTS
Helix consolidates security alerts from across your enterprise. This includes alerts that originate from both FireEye and non-FireEye security tools with a normalized view of risk.
The table in the lower half of the page contains a list of the alerts created in Helix. You can select between two views of the alerts table:
- Basic Alerts View (the default)
- Extended Alerts View

The middle section of the alert details page contains information about the most recent event in this alert, and about the triggering rule.
It looks like FireEye Helix gave us an intel hit. In this case, the alert was triggered by a match to a known malicious domain name, or FQDN.
Let’s explore this alert further.
Displays an icon for the alert source (Log Events or FireEye Network, Email, or Endpoint alerts, or non-FireEye product alerts) and a listing of the events that led to the alert.
INTEL TAB
ADD TO CASE
Use this button to assess this alert as a True Positive or False Positive.
The icon displays the threat assessment specification.
Within the Investigation menu you can pivot off of important investigative data points in order to aid in the scoping of an incident.
The Investigative Tips tab provides a series of next steps for investigating alerts, based on the experience of industry experts.
Helix also collects information about whether any hosts have already been quarantined using the endpoint agent.
Information on the rule that triggered the event can be seen here. It also identifies the Rule Pack and Distinguishers, and provides a link to the query that produced the event.
Helix displays contextual intelligence surrounding confirmed intelligence hits. Malware and Actor overviews are available to Helix customers.
Customers who subscribe to FireEye Threat Intelligence will have further access to intelligence based on subscription.
AUTOMATIONS TAB
ASSIGN
EVENTS TAB
INTELLIGENCE DETAILS
INVESTIGATE AN ALERT
ASSESS ALERT
If you click the hostname link for the workstation, it will take you directly to the endpoint summary screen in the Helix Endpoint console.
Review investigative tips to see that there are many other alerts and other hosts involved with the same methodology.
The case numbers to which the alert is assigned. Use this button to assign the alert to a case.
MOST RECENT EVENTS
Helix provides a detailed profile of the threat actor associated with the command and control host name that was detected. In this case we see that it’s associated with APT3.
ALERT SOURCE
HELIX RULE
Displays all events that are associated with the alert.
An event is any observable occurrence. Logging is the process of recording events to provide an audit trail that can be used to understand the activity of a system.
In the context of Helix, an event refers to a specific log entry.
The Assign option displays the email address of the assignee or "Not Assigned".
Use this button to assign the alert.
The automations tab shows you actions that FireEye Helix automatically takes when an alert is triggered.
In this case, Helix automatically looked up and contained an endpoint suspected of being compromised.
INVESTIGATIVE TIPS

Within the Investigation menu a user can pivot off of important investigative data points in order to aid in the scoping of an incident.
The Investigative Tips tab provides a series of next steps for investigating alerts, based on the experience of industry experts.
WHY HELIX?
HELIX helps you:
- Improve SPEED of responding
- Lower COST through integration, automation, and efficient processes
- Expand VISIBILITY across the enterprise

SEE HOW FIREEYE HELIX CAN WORK FOR YOU
Get an idea of capabilities and features with a live demo.
SCHEDULE A LIVE DEMO
Experience how Helix Cloud Edition works within your environment, configured for your needs.
Cloud Edition Proof Of Value
