About the connector

The FireEye® AX series is a group of forensic analysis platforms that give security analysts control over powerful auto-configured test environments in which they can safely execute and inspect advanced malware, zero-day, and advanced persistent threat (APT) attacks embedded in web pages, email attachments, and files.

This document provides information about the FireEye AX connector, which facilitates automated interactions with your FireEye AX server using FortiSOAR™ playbooks. Add the FireEye AX connector as a step in FortiSOAR™ playbooks and perform automated operations such as retrieving a list of all guest image profiles and application details from FireEye AX, submitting files or URLs for analysis to FireEye AX, and retrieving data for artifacts from FireEye AX.

Version information

Connector Version: 1.0.0

Authored By: Fortinet

Certified: No

Installing the connector

All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:

yum install cyops-connector-fireeye-ax

For the detailed procedure to install a connector, click here

Prerequisites to configuring the connector

  • You must have the FQDN or IP address of the FireEye AX server to which you will connect and perform automated operations and credentials (username-password pair) to access that server.
  • To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the CyOPs™ instance.

Configuring the connector

For the procedure to configure a connector, click here

Configuration parameters

In FortiSOAR™, on the connectors page, select the FireEye AX connector row, and in the Configure tab enter the required configuration details.

| Parameter | Description |
| --- | --- |
| Hostname | FQDN or IP address of the FireEye AX server to which you will connect and perform the automated operations. |
| Username | Username to access the FireEye AX server to which you will connect and perform the automated operations. |
| Password | Password to access the FireEye AX server to which you will connect and perform the automated operations. |
| Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |

Actions supported by the connector

The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:

| Function | Description | Annotation and Category |
| --- | --- | --- |
| Get Config | Retrieves a list of all guest image profiles and application details that are available on FireEye AX. | get_config, Investigation |
| Get Alerts | Retrieves information about existing alerts from FireEye AX based on alert ID, URL of the alert, and other input parameters you have specified. | get_alerts, Investigation |
| Submit File | Submits a file that is present in FortiSOAR™ for analysis to FireEye AX based on the FortiSOAR™ file IRI, application ID, profiles, and other input parameters you have specified. | submit_file, Investigation |
| Submit URL | Submits URLs for analysis to FireEye AX based on the URLs, application ID, profiles, and other input parameters you have specified. | submit_url, Investigation |
| Get Submission Status | Retrieves the submission status of files or URLs that you have submitted to FireEye AX for analysis based on the information level and object ID (optional) that you have specified. | get_status, Miscellaneous |
| Get Submission Result | Retrieves the submission result of files or URLs that you have submitted to FireEye AX for analysis based on the information level and object ID (optional) that you have specified. | get_result, Investigation |
| Get Artifacts Data | Retrieves data for artifacts from FireEye AX based on the alert ID and alert type you have specified. | get_artifacts_data, Investigation |
| Get Artifacts Data By UUID | Retrieves data for artifacts from FireEye AX based on the alert UUID you have specified. | get_artifacts_data_by_uuid, Investigation |
| Get Artifacts Metadata | Retrieves metadata for artifacts from FireEye AX based on the alert ID and alert type you have specified. | get_artifacts_meata, Investigation |
| Get Artifacts Metadata By UUID | Retrieves metadata for artifacts from FireEye AX based on the alert UUID you have specified. | get_artifacts_metadata_by_uuid, Investigation |
| List Custom Feeds | Retrieves a list of all custom feeds available in the FireEye AX system. | list_feeds, Investigation |
| Download a Custom IOC File Request | Downloads a custom IOC file request from FireEye AX based on the feed name and feed path you have specified. | download_feeds, Investigation |
| Delete Custom Feeds | Deletes a specific feed from the FireEye AX system based on the feed name you have specified. | delete_feeds, Remediation |
| Add or Update Custom Feeds | Adds or updates a custom feed in the FireEye AX server based on the feed name, feed type, and other input parameters you have specified. | add_feeds, Containment |
| Add YARA Rule | Adds a YARA rule to the FireEye AX server based on the file IRI and file type you have specified. | add_rules, Containment |
| Delete YARA Rule | Deletes a YARA rule file from the FireEye AX server based on the YARA file name and YARA type you have specified. | delete_rule, Miscellaneous |

operation: Get Config

Input parameters

None.

Output

The output contains a non-dictionary value.

operation: Get Alerts

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list is returned.

| Parameter | Description |
| --- | --- |
| Alert ID | ID of the alert whose information you want to retrieve from FireEye AX. |
| Info Level | Level of information to be retrieved for alerts from FireEye AX. You can choose from the following options: Concise (default), Normal, or Extended. |
| URL | Alert URL that you want to search for on FireEye AX. |
| File Name | Name of the malware file that you want to search for on FireEye AX. |
| File Type | Type of the malware file that you want to search for on FireEye AX. |
| Malware Name | Name of the malware object that you want to search for on FireEye AX. |
| Malware Type | Type of malware object that you want to search for on FireEye AX. For example, domain_match, malware_callback, malware_object, web_infection, infection_match, etc. |
| Start Time | DateTime from when you want to retrieve alerts from FireEye AX. |
| End Time | DateTime till when you want to retrieve alerts from FireEye AX. |

Output

The output contains a non-dictionary value.

operation: Submit File

Input parameters

| Parameter | Description |
| --- | --- |
| CyOPs File IRI | File IRI of the file that you want to submit to FireEye AX for analysis. |
| Timeout | Timeout for the analysis (in seconds). |
| Application/Sandbox | ID of the application or sandbox that you want to use for analysis. |
| Priority | Priority to be set for the analysis. You can choose from the following options: Immediate: Places the analysis at the top of the queue; As Per Availability: Adds the analysis to the bottom of the queue. |
| Profiles | AX series profile that you want to use for analysis. |
| Analysis Type | Analysis mode that you want to use for analysis. You can choose from the following options: Analyze in Live MVX Environment: Analyze the suspected files live within the AX Series Multi-Vector Virtual Execution (MVX) analysis engine; Analyze in Sandbox Environment: Analyze the suspected files in a closed, protected environment. |
| Prefetch | Mode of determining the file target. You can choose either Determine Through Internal Determination or Determine Through Browsing Target Location. If you select Determine Through Internal Determination, then the file target is based on an internal determination. If you select Determine Through Browsing Target Location, then the file target is determined by browsing to the target location. |
| Force | Select the Force checkbox, i.e., set it to True (default), to perform an analysis on the file even if the file exactly matches an analysis that has already been performed, i.e., force the analysis. In most cases, it is not necessary to reanalyze malware. If you clear the Force checkbox, i.e., set it to False, then this operation does not analyze duplicate files. |

Output

The output contains the following populated JSON schema:
{
     "ID": ""
}

operation: Submit URL

Input parameters

| Parameter | Description |
| --- | --- |
| URLs | URLs that you want to submit to FireEye AX for analysis. Note: You can specify multiple URLs in the .csv or list format. |
| Timeout | Timeout for the analysis (in seconds). |
| Application/Sandbox | ID of the application or sandbox that you want to use for analysis. |
| Priority | Priority to be set for the analysis. You can choose from the following options: Immediate: Places the analysis at the top of the queue; As Per Availability: Adds the analysis to the bottom of the queue. |
| Profiles | AX series profile that you want to use for analysis. |
| Analysis Type | Analysis mode that you want to use for analysis. You can choose from the following options: Analyze in Live MVX Environment: Analyze the suspected URLs live within the AX Series Multi-Vector Virtual Execution (MVX) analysis engine; Analyze in Sandbox Environment: Analyze the suspected URLs in a closed, protected environment. |
| Prefetch | Mode of determining the target of the URLs. You can choose either Determine Through Internal Determination or Determine Through Browsing Target Location. If you select Determine Through Internal Determination, then the target of the URLs is based on an internal determination. If you select Determine Through Browsing Target Location, then the target of the URLs is determined by browsing to the target location. |
| Force | Select the Force checkbox, i.e., set it to True (default), to perform an analysis on the URLs even if the URLs exactly match an analysis that has already been performed, i.e., force the analysis. In most cases, it is not necessary to reanalyze malware. If you clear the Force checkbox, i.e., set it to False, then this operation does not analyze duplicate URLs. |

Output

The output contains the following populated JSON schema:
{
     "id": ""
}

operation: Get Submission Status

Input parameters

| Parameter | Description |
| --- | --- |
| Info Level | Level of information to be returned by this operation for files or URLs submitted to FireEye AX for analysis. You can choose from the following options: Normal or Extended. |
| Object ID | (Optional) ID of the object that is provided by your appliance during the submission process. This key identifies the unique file or URL submitted for analysis. |

Output

The output contains the following populated JSON schema:
{
     "status": "",
     "response": []
}

operation: Get Submission Result

Input parameters

| Parameter | Description |
| --- | --- |
| Info Level | Level of information to be returned by this operation for files or URLs submitted to FireEye AX for analysis. You can choose from the following options: Normal or Extended. |
| Object ID | (Optional) ID of the object that is provided by your appliance during the submission process. This key identifies the unique file or URL submitted for analysis. |

Output

The output contains a non-dictionary value.

operation: Get Artifacts Data

Input parameters

| Parameter | Description |
| --- | --- |
| Alert ID | ID of the alert whose artifacts data you want to retrieve from FireEye AX. |
| Alert Type | Type of alert whose artifacts data you want to retrieve from FireEye AX. For example, malwareobject. |

Output

The output contains a non-dictionary value.

operation: Get Artifacts Data By UUID

Input parameters

| Parameter | Description |
| --- | --- |
| Alert UUID | Universally unique ID (UUID) of the alert whose artifacts data you want to retrieve from FireEye AX. |

Output

The output contains a non-dictionary value.

operation: Get Artifacts Metadata

Input parameters

| Parameter | Description |
| --- | --- |
| Alert ID | ID of the alert whose artifacts metadata you want to retrieve from FireEye AX. |
| Alert Type | Type of alert whose artifacts metadata you want to retrieve from FireEye AX. For example, malwareobject. |

Output

The output contains a non-dictionary value.

operation: Get Artifacts Metadata By UUID

Input parameters

| Parameter | Description |
| --- | --- |
| Alert UUID | UUID of the alert whose artifacts metadata you want to retrieve from FireEye AX. |

Output

The output contains a non-dictionary value.

operation: List Custom Feeds

Input parameters

None.

Output

No output schema is available at this time.

operation: Download a Custom IOC File Request

Input parameters

| Parameter | Description |
| --- | --- |
| Feed Name | Name of an existing feed whose associated custom IOC file request you want to download from FireEye AX. |
| File Path | Path of the file that contains the specified feed whose associated custom IOC file request you want to download from FireEye AX. |

Output

No output schema is available at this time.

operation: Delete Custom Feeds

Input parameters

| Parameter | Description |
| --- | --- |
| Feed Name | Name of the custom feed that you want to delete from FireEye AX. |

Output

The output contains a non-dictionary value.

operation: Add or Update Custom Feeds

Input parameters

| Parameter | Description |
| --- | --- |
| Feed Name | Name of the new feed that you want to add to the FireEye AX server, or the name of an existing feed that you want to modify on the FireEye AX server. |
| Feed Type | Type of the feed that you want to add or modify on the FireEye AX server. You can choose from the following feed types: IP, URL, Domain, or Hash. |
| Feed Action | Type of notification that should be generated if a match is found on the FireEye AX server. |
| Feed Source | Source of the feed that you want to add or modify on the FireEye AX server. |
| IOC Feed Data | IP addresses, URLs, domain names, or hash values (based on the Feed Type you have chosen) that you want to add to the custom feed on the FireEye AX server. Note: You can specify multiple items in this field in the .csv or list format. |
| Overwrite Existing Feed | Specifies whether a feed should be overwritten or not. If you are creating a new feed, this checkbox will be unchecked, i.e., the value is set to False. If you are updating an existing feed, this checkbox will be checked, i.e., the value is set to True. |

Output

The output contains a non-dictionary value.
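
A pre-flight check for the IOC Feed Data field, as an added example that is not part of the connector or of this document: it accepts the .csv or list input described above, de-duplicates it, and separates items that do not match the chosen Feed Type before a playbook passes them to this operation. The function names are hypothetical, and the accepted hash lengths (MD5, SHA-1, SHA-256 hex digests) and URL schemes (http, https) are assumptions.

```python
import csv
import io
import ipaddress
import re
from urllib.parse import urlsplit

# Feed types as listed on this page for the Feed Type parameter.
FEED_TYPES = ("IP", "URL", "Domain", "Hash")

# Assumption: hashes are hex digests of MD5, SHA-1 or SHA-256 length.
_HASH_RE = re.compile(r"^(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64})$")
# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def split_items(feed_data):
    """Accept a list or a .csv-style string; return stripped, non-empty items."""
    if isinstance(feed_data, (list, tuple)):
        raw = [str(x) for x in feed_data]
    else:
        reader = csv.reader(io.StringIO(str(feed_data)))
        raw = [cell for row in reader for cell in row]
    return [item.strip() for item in raw if item.strip()]


def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def _is_domain(value):
    name = value.rstrip(".")
    if len(name) > 253 or _is_ip(name):
        return False
    labels = name.split(".")
    if len(labels) < 2 or labels[-1].isdigit():
        return False  # single label or numeric TLD (e.g. a malformed IP)
    return all(_LABEL_RE.match(label) for label in labels)


def _is_url(value):
    try:
        parts = urlsplit(value)
        # Assumption: only http and https URLs belong in a URL feed.
        return parts.scheme in ("http", "https") and bool(parts.hostname)
    except ValueError:
        return False


def _is_hash(value):
    return bool(_HASH_RE.match(value))


_CHECKS = {"IP": _is_ip, "URL": _is_url, "Domain": _is_domain, "Hash": _is_hash}


def prepare_feed_data(feed_type, feed_data):
    """Return (accepted, rejected) lists for the chosen feed type, in input order."""
    if feed_type not in _CHECKS:
        raise ValueError(f"unknown feed type: {feed_type!r}")
    check = _CHECKS[feed_type]
    accepted, rejected, seen = [], [], set()
    for item in split_items(feed_data):
        # Domains and hex digests are case-insensitive, so de-duplicate on lower case.
        key = item.lower() if feed_type in ("Domain", "Hash") else item
        if key in seen:
            continue
        seen.add(key)
        (accepted if check(item) else rejected).append(item)
    return accepted, rejected


if __name__ == "__main__":
    # Constructed sample input using documentation address ranges.
    sample = "203.0.113.7, 198.51.100.300,example.org,203.0.113.7"
    ok, bad = prepare_feed_data("IP", sample)
    print("accepted:", ok)
    print("rejected:", bad)
```

Reviewing the rejected list before the feed is written keeps a mistyped or mis-typed-for-its-feed indicator from silently becoming part of a containment feed.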

operation: Add YARA Rule

Input parameters

| Parameter | Description |
| --- | --- |
| File IRI | IRI of the YARA rule file that you want to submit to the FireEye AX server. |
| File Type | File type of the YARA rules file that you are submitting to the FireEye AX server. File types can be exe, pdf, xls, or ppt. |

Output

The output contains a non-dictionary value.

operation: Delete YARA Rule

Input parameters

| Parameter | Description |
| --- | --- |
| YARA Type | Type of the YARA file that you want to delete from the FireEye AX server. YARA types can be exe, pdf, xls, or ppt. |
| YARA File Name | Name of the YARA file that you want to delete from the FireEye AX server. |

Output

The output contains a non-dictionary value.

Included playbooks

The Sample - FireEye AX - 1.0.0 playbook collection comes bundled with the FireEye AX connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the FireEye AX connector.

  • Add or Update Custom Feeds
  • Add YARA Rule
  • Delete Custom Feeds
  • Delete YARA Rule
  • Download a Custom IOC File Request
  • Get Alerts
  • Get Artifacts Data
  • Get Artifacts Data By UUID
  • Get Artifacts MetaData
  • Get Artifacts Metadata By UUID
  • Get Config
  • Get Submission Result
  • Get Submission Status
  • List Custom Feeds
  • Submit File
  • Submit URL

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.
