FireEye Malware Protection System (MPS) network security appliances prevent signature-evading Modern Malware from successfully gaining a foothold in the network and exfiltrating sensitive organizational data. FireEye MPS appliances operate in-line, using fast-path blocking to stop known inbound attacks and malware callbacks, coupled with dynamic, real-time Malware-VM™ and Malware-Callback™ analysis filters to accurately detect zero-hour attacks, halt their spread, and negate their ability to steal data resources.
What’s New In This Release
Initial support for FireEye MPS
Domain Matching messages added to the XML
Added support for FireEye v6.1 events; modified to support the Content 2.0 format
Note: Content 2.0 features substantial improvements to the parsing of event data into the various tables that are used for queries and reports. Content 2.0 is the future direction for all event sources within the supported library. For rules and reports, note the following:
- For factory reports, as existing event sources are converted to Content 2.0, their device-specific reports are updated to work with the new content. In some cases, class-specific reports have replaced device-specific reports.
- Factory correlated rules have been modified to take advantage of the improved tables, variables and parsing.
- Custom rules that involve event sources updated to work with Content 2.0 need to be rewritten.
- Custom reports may not produce the same results as previously. For guidance on updating custom reports, see the RSA enVision Content Inspection Tool document and the online Help topics that describe the Content 2.0 tables.