FireEye Malware Protection System
FireEye Malware Protection System (MPS) network security appliances prevent signature-evading Modern Malware from successfully gaining a foothold in the network and exfiltrating sensitive organizational data. FireEye MPS appliances operate in-line, using fast-path blocking to stop known inbound attacks and malware callbacks coupled with dynamic, real-time Malware-VM™ and Malware-Callback™ analysis filters to accurately detect zero-hour attacks and halt their spread and negate their ability to steal data resources.
Release Date | What’s New In This Release |
06/18/2011 | Initial support for FireEye MPS |
08/16/2011 | Domain Matching messages added to the XML |
06/28/2011 | Add support for FireEye v6.1 events and modified to support Content 2.0 format |
Note: Content 2.0 features substantial improvements to the parsing of event data into the various tables that are used for queries and reports. Content 2.0 is the future direction for all event sources within the supported library. For rules and reports, note the following:
- For factory reports, as existing event sources are converted to Content 2.0, their device-specific reports are updated to work with the new content. In some cases, class-specific reports have replaced device-specific reports.
- Factory correlated rules have been modified to take advantage of the improved tables, variables and parsing.
- Custom rules that involve event sources updated to work with Content 2.0 need to be rewritten.
- Custom reports may not produce the same results as previously. For guidance on updating custom reports, see the RSA enVision Content Inspection Tool document and the online Help topics that describe the Content 2.0 tables.
Updated XML to v6.1 and converted to Content 2.0.
Note: Content 2.0 features substantial improvements to the parsing of event data into the various tables that are used for queries and reports. Content 2.0 is the future direction for all event sources within the supported library. For rules and reports, note the following:
- For factory reports, as existing event sources are converted to Content 2.0, their device-specific reports are updated to work with the new content. In some cases, class-specific reports have replaced device-specific reports.
- Factory correlated rules have been modified to take advantage of the improved tables, variables and parsing.
- Custom rules that involve event sources updated to work with Content 2.0 need to be rewritten.
- Custom reports may not produce the same results as previously. For guidance on updating custom reports, see the RSA enVision Content Inspection Tool document and the online Help topics that describe the Content 2.0 tables.
Nathan
Any ideas???
