## Send JSON using HTTP POST
- Log into the FireEye appliance with an administrator account
- Click “Settings”
- Click “Notifications”
- Click the “http” hyperlink
- Make sure the "Event type" check box is selected
- If the Global HTTP Settings are already set, leave them as they are
- Add HTTP Server
- Name your server (e.g. OpenDXLHTTP)
- Check Enabled
- Uncheck Auth
- Check SSL Enabled
- Per Event
- Choose JSON Concise

```
curl -H "Accept: application/json" -H "Content-type: application/json" -X POST -d @fireeye.json http://127.0.0.1:5000/tie/fireeye/setfile/
```

- MD5 File Hash
- File name of the analyzed file
- Comment
- Trust Level known_malicious

```json
{
  "product": "MAS",
  "appliance-id": "00:00:00:00:00:00",
  "appliance": "fireeye-000000",
  "alert": {
    "src": {
      "url": "/data/share/winxp-sp3/src/41281428cd6f503f948e931d546e340c.exe"
    },
    "severity": "majr",
    "alert-url": "https://fireeye-000000/malware_analysis/analyses?maid=146658",
    "explanation": {
      "malware-detected": {
        "malware": {
          "malicious": "yes",
          "executed-at": "2017-05-09T14:30:25Z",
          "md5sum": "41281428cd6f503f948e931d546e340c",
          "type": "exe",
          "name": "Trojan.LuminosityLink"
        }
      }
    },
    "occurred": "2017-05-09T14:30:25Z",
    "action": "notified",
    "id": "146658",
    "name": "malware-object"
  },
  "version": "7.7.5.577562",
  "msg": "concise"
}
```
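
The four fields listed above can be extracted from a concise alert like this one, with the hash and verdict validated before anything is written to a reputation store. This is an added example, not code from the project: the function name `extract_reputation`, the comment format, and taking the file name from the basename of `alert.src.url` are assumptions.

```python
import json
import posixpath
import re

MD5_RE = re.compile(r"[0-9a-fA-F]{32}")

# Constructed sample: the alert shown above, trimmed to the fields used here.
SAMPLE_ALERT = json.dumps({
    "product": "MAS",
    "alert": {
        "src": {"url": "/data/share/winxp-sp3/src/41281428cd6f503f948e931d546e340c.exe"},
        "explanation": {"malware-detected": {"malware": {
            "malicious": "yes",
            "md5sum": "41281428cd6f503f948e931d546e340c",
            "name": "Trojan.LuminosityLink",
        }}},
        "id": "146658",
    },
})


def extract_reputation(body):
    """Validate a concise alert; return the reputation fields or raise ValueError."""
    doc = json.loads(body)  # JSONDecodeError is a ValueError subclass
    try:
        alert = doc["alert"]
        malware = alert["explanation"]["malware-detected"]["malware"]
        md5, src_url = malware["md5sum"], alert["src"]["url"]
        verdict = malware["malicious"]
    except (KeyError, TypeError) as exc:
        raise ValueError("alert lacks the expected malware fields") from exc
    # Only a well-formed MD5 may reach the reputation store.
    if not isinstance(md5, str) or not MD5_RE.fullmatch(md5):
        raise ValueError("md5sum is not a 32-character hex string")
    # Do not mark a file malicious unless the appliance said so.
    if verdict != "yes":
        raise ValueError("alert does not report a malicious verdict")
    if not isinstance(src_url, str):
        raise ValueError("src.url is not a string")
    return {
        "md5": md5.lower(),
        "file_name": posixpath.basename(src_url),  # drop the appliance-side path
        "comment": "FireEye %s alert %s: %s" % (
            doc.get("product", "?"), alert.get("id", "?"), malware.get("name", "?")),
        "trust_level": "known_malicious",
    }


if __name__ == "__main__":
    print(extract_reputation(SAMPLE_ALERT))
```

Because the HTTP server entry above is configured with Auth unchecked, a check of this kind is the only thing standing between a posted body and a `known_malicious` reputation change.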