Available search fields for query building
Closed this issue · 4 comments
I was going through the HXTool code trying to find where the available search fields (like 'Cookie Name', 'DNS Hostname', etc.) that are used in terms for the /searches POST are queried from the FireEye API, because they do not seem to be hardcoded. Help would be appreciated.
Hi @vytska -
HXTool's Enterprise Search feature only supports OpenIOC terms. The OpenIOC terms that are supported by the Endpoint Security agent are listed in the Agent Admin on the FireEye Documentation Portal under the 'OpenIOC Search Terms Supported by the Agent' section of the guide. The terms you are referencing are Quick Search terms, which map to OpenIOC terms; that mapping is documented in the Endpoint Security API guide, under the searches section.
Thanks,
Elazar
Hi @B0fH,
Thank you for the reply. Unfortunately I don't have access to inner FireEye documentation. Do I understand correctly that there is an endpoint to get supported search terms, but it is not listed in this API reference I've been using?
https://fireeye.dev/apis/lighthouse/
Hi @vytska -
Unfortunately, there's no API that will give you a list of supported OpenIOC terms and their associated quick search terms. That being said, the OpenIOC terms themselves are listed in the OpenIOC Editor (OpenIOCe) on the FireEye Marketplace: https://fireeye.market/apps/211404
As for the documentation itself, I'm unable to share it here. I'd recommend reaching out to your FireEye account team to gain access to the documentation portal.
Thanks,
Elazar