FireEye Helix is a cloud-hosted security operations platform that allows organizations to take control of any incident from alert to fix. Available with any FireEye solution, FireEye Helix integrates your security tools and augments them with next-generation SIEM, orchestration, and threat intelligence capabilities to capture the untapped potential of security investments. Designed by security experts, for security experts, it empowers security teams to efficiently conduct primary functions, such as alert management, search, analysis, investigations, and reporting. To learn more about Helix, visit our product page.
The Helix APIs are the quickest way to get acquainted with the kind of log data being pushed to Helix. Currently developers can use two of Helix's most notable APIs, Helix Alerts and Helix Search (both are documented on the OpenAPI Spec page at Helix API).
The Helix Alerts API endpoints return Helix alerts. Developers can use both the POST and GET methods for this API; both allow the results to be filtered by the options and parameters passed to the endpoints. Filtering effectively in the API calls matters both for understanding the data and for better performance.
Helix Search lets the developer build a custom search query by following the MQL syntax guidelines, running searches just as they would in Helix Search on the UI. Read more about MQL syntax in the MQL Overview.
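One way a client could wrap the two APIs described above, as an added example that is not FireEye's code and not taken from the Helix OpenAPI spec: the base URL, the API-key header name, the endpoint paths, the query parameter names and the response shape are all assumptions for illustration, to be replaced with the values from the spec. It shows the GET form (filters as query-string parameters) beside the POST form (filters as a JSON body), keeps the API key in a header rather than the URL so it does not land in access logs, and parses a constructed sample response.

```python
import json
import urllib.parse
import urllib.request

# All of the following are assumptions for illustration, not values taken from
# FireEye's documentation: check the Helix OpenAPI spec for the real base URL,
# header name, endpoint paths and parameter names before using this.
BASE_URL = "https://helix.example.invalid/api/v3"   # placeholder base URL
API_KEY_HEADER = "x-fireeye-api-key"                 # assumed API-key header
ALERTS_PATH = "/alerts"                              # assumed endpoint path
SEARCH_PATH = "/search"                              # assumed endpoint path


def build_alerts_request(api_key, filters=None, method="GET"):
    """Build a GET or POST request for the alerts endpoint.

    GET sends the filters as query-string parameters; POST sends them as a
    JSON body. The API key travels in a header, never in the URL, so it does
    not end up in proxy or web-server access logs.
    """
    if method not in ("GET", "POST"):
        raise ValueError("method must be GET or POST")
    filters = dict(filters or {})
    headers = {API_KEY_HEADER: api_key, "Accept": "application/json"}
    url = BASE_URL + ALERTS_PATH
    data = None
    if method == "GET":
        if filters:
            url += "?" + urllib.parse.urlencode(filters)
    else:
        headers["Content-Type"] = "application/json"
        data = json.dumps(filters).encode("utf-8")
    return urllib.request.Request(url, data=data, headers=headers, method=method)


def build_search_request(api_key, mql):
    """Build a POST request carrying an MQL query (the "query" field name is assumed)."""
    if not mql.strip():
        raise ValueError("MQL query must not be empty")
    headers = {
        API_KEY_HEADER: api_key,
        "Content-Type": "application/json",
        "Accept": "application/json",
    }
    body = json.dumps({"query": mql}).encode("utf-8")
    return urllib.request.Request(
        BASE_URL + SEARCH_PATH, data=body, headers=headers, method="POST"
    )


def summarize_alerts(response_body):
    """Reduce a raw alerts response to (id, name, risk) tuples.

    Tolerates missing keys so one malformed record does not abort the run.
    """
    payload = json.loads(response_body)
    summary = []
    for alert in payload.get("alerts", []):
        if not isinstance(alert, dict):
            continue
        summary.append(
            (alert.get("id"), alert.get("name", "<unnamed>"), alert.get("risk", "unknown"))
        )
    return summary


# Constructed sample response in the shape this example assumes; a real Helix
# response will differ, so adjust summarize_alerts() to the spec.
SAMPLE_RESPONSE = json.dumps({
    "alerts": [
        {"id": 101, "name": "Suspicious PowerShell", "risk": "high"},
        {"id": 102, "name": "Brute force login", "risk": "medium"},
        {"id": 103},
    ]
})


if __name__ == "__main__":
    req = build_alerts_request("<api-key>", {"risk": "high", "limit": 25})
    print(req.get_method(), req.full_url)   # GET .../alerts?risk=high&limit=25
    search = build_search_request("<api-key>", "class=fireeye_alert")
    print(search.get_method(), search.data.decode())
    for alert_id, name, risk in summarize_alerts(SAMPLE_RESPONSE):
        print(alert_id, name, risk)
    # To actually send a request: urllib.request.urlopen(req, timeout=30).read()
```

The point of pushing filters to the server (query string or JSON body) rather than pulling every alert and filtering locally is the one the text makes: smaller responses, fewer calls, and a result set that is easier to reason about. The `class=fireeye_alert` string is only a constructed MQL-style query for the demo; consult the MQL Overview for the real syntax.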
To use the Helix APIs, a developer authenticates with one of these methods:
Method 1: Requires an active account to authenticate; this suits a developer who wants to build their own solutions for a business requirement.
Method 2: Uses a low-permission account that allows a developer to use the APIs at no additional cost. This is helpful for a developer who uses the APIs to better understand the data in Helix.