FireEye Malware Protection System

Discussion created by NathanF on Aug 17, 2011
Latest reply on Aug 12, 2012 by Vincent Wareham

FireEye Malware Protection System (MPS) network security appliances prevent signature-evading Modern Malware from successfully gaining a foothold in the network and exfiltrating sensitive organizational data. FireEye MPS appliances operate in-line, using fast-path blocking to stop known inbound attacks and malware callbacks coupled with dynamic, real-time Malware-VM™ and Malware-Callback™ analysis filters to accurately detect zero-hour attacks and halt their spread and negate their ability to steal data resources.



Release Date

What’s New In This Release


Initial support for FireEye MPS


Domain Matching messages added to the XML


Add support for FireEye v6.1 events and modified to support Content 2.0 format

Note: Content 2.0 features substantial improvements to the parsing of event data into the various tables that are used for queries and reports. Content 2.0 is the future direction for all event sources within the supported library. For rules and reports, note the following:

-For factory reports, as existing event sources are converted to Content 2.0, their device-specific reports are updated to work with the new content. In some cases, class-specific reports have replaced device-specific reports.

-Factory correlated rules have been modified to take advantage of the improved tables, variables and parsing.

-Custom rules, that involve event sources updated to work with Content 2.0, need to be rewritten.

-Custom reports may not produce the same results as previously. For guidance on updating custom reports, see the RSA enVision Content Inspection Tool document and the online Help topics that describe the Content 2.0 tables