How to integrate FireEye account?
Overview
To authenticate with FireEye (Trellix) Helix/Endpoint Security and access their REST APIs, you will need the following information:
- API Base URL (your FireEye instance URL)
- API Key (X-FeApi-Token)
- Username (for initial authentication)
- Password (for initial authentication)
Step 1: Login to FireEye Console
- Sign in to your FireEye Helix console at
https://<your-instance>.fireeye.com- Or for Endpoint Security:
https://<your-instance>.fireeyecloud.com
- Or for Endpoint Security:
- Ensure you have Administrator or API User role
Step 2: Generate API Token
Via FireEye Helix Console
- Navigate to Settings → API Keys
- Click Generate New API Key
- Enter the following details:
- Key Name: Enter a descriptive name (e.g., "Unizo Integration")
- Description: Add integration purpose
- Expiration: Set token expiration (optional)
- Select Permissions:
- Read: For read-only operations
- Write: For modification operations
- Execute: For response actions
- Click Generate
Step 3: Copy API Credentials
After generation, save:
- API Token: The authentication token (X-FeApi-Token)
- API Base URL: Your FireEye instance URL
Important:
- Store the token securely
- Tokens typically expire after 24 hours or custom duration
- Regenerate before expiration
Step 4: Determine Your Instance URL
Your FireEye instance URL depends on your deployment:
FireEye Endpoint Security (HX):
- Format:
https://<instance>.fireeyecloud.com - Example:
https://mycompany-hx.fireeyecloud.com