Overview
FireEye Helix is a cloud-hosted security operations platform that allows organizations to take control of any incident from alert to fix. Available with any FireEye solution, FireEye Helix integrates your security tools and augments them with next-generation SIEM, orchestration, and threat intelligence capabilities to capture the untapped potential of security investments. Designed by security experts, for security experts, it empowers security teams to efficiently conduct primary functions, such as alert management, search, analysis, investigations, and reporting. To learn more about Helix, visit our product page.
Getting Started with Helix APIs
Helix APIs are the best way to quickly get acquainted with the sort of log data that is being pushed to Helix. Currently, developers can use two of Helix's most notable APIs, the Helix Alerts API endpoint and the Helix Search API endpoint (both can be found on the OpenAPI Spec page at Helix API).
The Helix Alerts API endpoints return all Helix alerts. Developers can use both the POST and GET methods for this API. Both allow developers to filter the results based on options and parameters passed to the endpoints. Making effective API calls is important both for understanding the data and for better performance.
Helix Search allows the developer to create a custom search query by following the MQL syntax guidelines, making searches as if they were using Helix Search in the UI. Read more about MQL syntax in the MQL Overview.
Authentication
To use the Helix APIs, a developer authenticates using these methods:
Method 1: Requires an active account to authenticate; this can serve well for a developer who would like to build their own solutions for a business requirement.
Method 2: Uses a low-level permissions account that allows a developer to use the APIs at no additional cost. This can be helpful for a developer who is using the APIs to better understand the data in Helix.
News and Community
Be sure to keep up to date with the latest changes to the API by following our release notes. You can also join the Helix community to ask questions and suggest features that you would like to see.