Overview

FireEye Helix works with your SaaS applications to gather telemetry, such as audit events, to detect malicious activity and speed up your security investigations. Helix Cloud Connect is an integration portal that makes it easy to integrate over 80 security and business applications with Helix through cloud-to-cloud API connections. With these connections you can:

  • Gain visibility into events happening across your security and business operations.
  • Integrate third-party threat intelligence for additional threat enrichment.
  • Share threats with other SaaS-based products for blocking and remediation.

How it works

Setting up cloud connections typically only takes a few minutes using the specific installation steps for a given integration. Each integration has a step-by-step wizard which will provide all the appropriate instructions for gathering and providing the required configuration. Once configured, the integration will operate within Helix to perform event collection or other interactions with external APIs.

Below are screenshots of what you should expect when visiting Cloud Connect and adding a new connection.

[Screenshot: Cloud Connect Welcome page]

To add a new connection, navigate to the "Add Cloud Connection" button in the right corner of the table (see above image).

[Screenshot: Add cloud connection]

Integrations are managed in the portal, where you can list, create, edit, disable, and delete them. The portal also provides a simple way of viewing the events for a given integration in the Helix search interface and verifying the health of the integration.

Integration types

There are different types of integrations:

  • Polling: Helix will periodically reach out, typically every minute, to an API to see if new events are available.
  • Receiving: Helix will receive events via cloud storage, such as AWS S3.
  • Webhook: Helix is notified that new events are available via Webhook, which triggers Helix to retrieve the events.
  • REST: Helix receives the events as a direct upload and can perform user-defined field mapping of events.

Coming Soon

The Developer Relations team and Cloud Connect team are currently working together to build a platform-based service to allow any developer to add their own unique custom plugin into Cloud Connect. This means that developers from any organization with the proper subscription can request that their plugins be added into Cloud Connect!

Come back soon for more information!