EXPLORE ON YOUR OWN
DASHBOARD
FireEye Helix helps security operations analysts work more efficiently and effectively by detecting and prioritizing threats.
EXPLORE KEY FEATURES
DASHBOARD MENU
The drop-down box reveals other Dashboards you can use throughout your security operations. These can be reused or customized depending on what’s most important to you.
Helix also comes with pre-built sample templates to help you get started.
EXPLORE
The drop-down box reveals other options you can use throughout your security operations.
EVENT CLASSES
Scrolling down to the bottom of the Summary Dashboard reveals the Event Classes. Helix is designed to provide analysts with a consolidated view of all security events across the organization, from both FireEye and non-FireEye solutions.
The Summary Dashboard provides a quick overview of what’s happening inside your environment:
- New alerts
- Open cases
- Events by data source

INVESTIGATE
Helix consolidates security alerts from across your enterprise. This includes alerts that originate from both FireEye and non-FireEye security tools with a normalized view of risk.
BOTTOM OF PAGE
The table in the lower half of the page contains a list of the alerts created in Helix. You can select between two views of the alerts table:
- Basic Alerts View (the default)
- Extended Alerts View

INVESTIGATE AN ALERT
It looks like FireEye Helix gave us an intel hit. In this case, the alert was triggered by a match to a known malicious domain name, or FQDN.
Let’s explore this alert further.
ALERT SOURCE
Displays an icon for the alert source (Log Events or FireEye Network, Email, or Endpoint alerts, or non-FireEye product alerts) and a listing of the events that led to the alert.
ASSIGN
The Assign option displays the email address of the assignee or "Not Assigned".
Use this button to assign the alert.
ASSESS ALERT
Use this button to assess this alert as a True Positive or False Positive.
The icon displays the threat assessment specification.
ADD TO CASE
Displays the case numbers to which the alert is assigned. Use this button to assign the alert to a case.
MOST RECENT EVENTS
The middle section of the alert details page contains information about the most recent event in this alert, and about the triggering rule.
INTELLIGENCE DETAILS
HELIX RULE
Information on the rule that triggered the event can be seen here. It also identifies the Rule Pack and Distinguishers, and links to the query that produced the event.
AUTOMATIONS TAB
The automations tab shows you actions that FireEye Helix automatically takes when an alert is triggered.
In this case, Helix automatically looked up and contained an endpoint suspected of being compromised.
Helix also collects information about whether any hosts have already been quarantined using the endpoint agent.
If you click the hostname link for the workstation, it will take you directly to the endpoint summary screen in the Helix Endpoint console.
INVESTIGATIVE TIPS
Within the Investigation menu you can pivot off of important investigative data points in order to aid in the scoping of an incident.
The Investigative Tips tab provides a series of next steps for investigating alerts, based on the experience of industry experts.
Review investigative tips to see that there are many other alerts and other hosts involved with the same methodology.
INTEL TAB
Helix provides a detailed profile of the threat actor associated with the command and control host name that was detected. In this case we see that it’s associated with APT3.
Helix displays contextual intelligence surrounding confirmed intelligence hits. Malware and Actor overviews are available to Helix customers.
Customers who subscribe to FireEye Threat Intelligence will have further access to intelligence based on subscription.
EVENTS TAB
Displays all events that are associated with the alert.
An event is any observable occurrence. Logging is the process of recording events to provide an audit trail that can be used to understand the activity of a system.
In the context of Helix, an event refers to a specific log entry.

WHY HELIX?
HELIX helps you:
- Expand VISIBILITY across the enterprise
- Improve SPEED of responding
- Lower COST through integration, automation, and efficient processes
