FireEye HX

Supported Actions

• test connectivity: Validate the asset configuration for connectivity using supplied configuration
• get system info: Get system information for an endpoint
• quarantine device: Request to contain the endpoint
• get quarantine status: Get the containment status for an endpoint
• set quarantine approved: Approve containment request for host
• unquarantine device: Containment cancellation for host
• get acquisition status: Get status of file acquisition
• get triage: Request Endpoint Host Triage Package
• list device groups: Retrieve a list of host sets in HX optionally filtered by name
• get device group: List endpoints in a host set
• list endpoints: List and search the endpoints on HX
• list acquisitions: Retrieve a list of all acquisitions with optional filters
• start acquisition: Request a file to be acquired into FireEye HX
• get file: Pull the acquired file into Phantom Vault
• get alert: Pull single alert info by ID