FireEye Logs

Evidence: FireEye Logs
Description: Collect FireEye Logs
Category: Applications
Platform: windows
Short Name: fryl
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes

FireEye Endpoint Security (xAgent) is an enterprise EDR solution that provides advanced threat detection, behavioral analysis, and incident response capabilities. The xagt component stores threat intelligence and detection data in database files.

This collector gathers structured data about FireEye logs.

This collector gathers FireEye xAgent database files from ProgramData, which contain EDR events, threat detections, behavioral analysis, and endpoint telemetry.

FireEye databases are essential for advanced threat investigations, providing EDR visibility, behavioral analysis, IOC detections, and threat intelligence correlation. They’re critical for investigating APT activities and sophisticated attacks.