This article describes the way in which to set up the FireEye (AX Series) integration on Cortex XSOAR.
Setting up the FireEye Web Services API to work with Cortex XSOAR:
This section explains what needs to be done to set up a Fire Eye Web Services API for Cortex XSOAR integration on the FireEye side.
This integration supports AXSeriesWebServicesAPI versions 7.7.0 and up.
To use this integration, you need to have a Fire Eye user account of either api_analyst or api_monitor.
To set up the FireEye Web Services API:
1. On the machine where the FireEye API will run, open the CLI and enter the following:
hostname > enable
hostname # configure terminal
hostname (config) # wsapi enable
2. Make sure that FireEye Web Services API is running ether the following:
The reply should indicate that the Server is ‘enabled’ and in ‘running’ state.
Setting up the integration on Cortex XSOAR:
1. Go to ‘Settings > Integrations > Servers & Services’
2. Locate the FireEye (AX Series) integration by searching for ‘FireEye’ using the search box on the top of the page.
3. Click ‘Add instance’ to create and configure a new integration. You should configure the following FireEye and Cortex XSOAR-specific settings:
: A textual name for the integration instance.
Server URL : The hostname or IP address of the FireEye’ application. Make sure the URL is reachable with respect to IP address and port.
Credentials and Password : Your FireEye username and password.
Do not validate server certificate : Select to avoid server certification validation. You may want to do this in case Cortex XSOAR cannot validate the integration server certificate (due to missing CA certificate)
Use system proxy settings – Mark this option.
4. Press the ‘Test’ button to validate connection.
5. After completing the test successfully, press the ‘Done’ button.