Configure profiles and security incidents for the FireEye HX integration

Versão de lançamento: Australia

Atualizado 12 de mar. de 2026

2 min. de leitura

After you create a profile and select the FireEye HX capabilities that you want the profile to run, configure the settings so that the profile can be invoked only under the defined conditions.

Antes de Iniciar

Role required: sn_si.admin

Configure the profile so that it runs only when the conditions you specify are fulfilled. Select an alternate input field for the Configuration Item (CI) field, if required, and set filtering conditions so that the profile can be triggered automatically when a security incident meeting the trigger conditions is created.

Nota:

You can navigate to the Profile Configuration page only after you have entered the Profile Details.

Procedimento

Navigate to FireEye Integration > FireEye Capability Profiles.
Click Next on the Profile Details page after completing the Profile details section.
Review and configure the following sections:
- Define Incident Criteria (Automation): Define the security incident conditions that would automatically trigger the FireEye HX capabilities for the profile. If you do not select the Define Incident Criteria option, then the profile and the underlying capabilities can be invoked manually from the Security incident.
  - Select Define Incident Criteria option to automatically trigger FireEye HX capabilities in the profile.
  - In the Filter Conditions, select the required field.
  - You can add New Criteria and also define the OR or the AND condition.
    Nota:
    Isolate Host, Remove Host Isolation, Get File cannot be triggered automatically.
- Additional Configuration: When the Configuration item (CI) field is not populated on the security incident with a host name, or an IP address that matches the database, you can select an alternate field on the security incident to query the FireEye HX APIs.
  - Select the Define Alternative Field option to define an alternative input field.
  - Select the input field from the Alternate CI Trigger Field.
    Nota:
    For more information, see Understand how trigger conditions work with a configuration item.
- Tags: You can optionally tag security incidents with the FireEye HX profile initiated, profile completed, and profile failed tags.
  Select the Display Tag check box to enable tagging security incidents, profile name is prefixed on enabling the tag. By default, this option is disabled for all profiles.
- Approvals: Select the Require Approval check box to provide an extra level of control when using the FireEye HX capabilities for isolating host machines, restoring them to the network, and to get the files.
  The approvals option in the profile configuration appears only for Isolate Host, Remove Host Isolation, and Get File capabilities.
Click Done.
Verify FireEye HX trigger conditions.