https://community.splunk.com/t5/Getting-Data-In/FireEye-HX-integration/m-p/572153#M101267 <P><a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/231884">@PickleRick</a>&nbsp;</P><P>Cool. We have UDP opened on all the syslog forwarders.&nbsp;</P> Sun, 24 Oct 2021 13:11:56 GMT kiranpanchavat1 2021-10-24T13:11:56Z https://community.splunk.com/t5/Getting-Data-In/FireEye-HX-integration/m-p/572142#M101263 <P>Dears,</P><P>Can we integrate the Fireeye HX with Splunk using GUI or not ? If not let me know the process for CLI.&nbsp;</P> Sun, 24 Oct 2021 10:54:14 GMT https://community.splunk.com/t5/Getting-Data-In/FireEye-HX-integration/m-p/572142#M101263 kiranpanchavat1 2021-10-24T10:54:14Z https://community.splunk.com/t5/Getting-Data-In/FireEye-HX-integration/m-p/572147#M101264 <P>What kind of integration you want? FireEye HX can export alerts in CEF format which can be quite easily parsed by splunk. I don't remember if it can send alerts directly to HEC.</P><P>Also if I remember correctly, the HX has REST API so you could define workflow actions on splunk side but I don't recall seeing a ready-made app with this.</P> Sun, 24 Oct 2021 12:28:39 GMT https://community.splunk.com/t5/Getting-Data-In/FireEye-HX-integration/m-p/572147#M101264 PickleRick 2021-10-24T12:28:39Z https://community.splunk.com/t5/Getting-Data-In/FireEye-HX-integration/m-p/572149#M101265 <P>Hello&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/231884">@PickleRick</a>&nbsp;</P><P>Thanks for the reply.&nbsp;</P><P>We have followed the below steps to integrate fireeye hx.&nbsp;</P><P>The HX appliance logging cannot be set from the GUI as of right now, please use the CLI:<BR />hostname # logging 173.1.227.134 trap none<BR />hostname # logging 173.1.227.134 &nbsp;trap override class cef priority info<BR />hostname # logging 173.2.227.134 trap none<BR />hostname # logging 173.2.227.134 &nbsp;trap override class cef priority info<BR />hostname # write mem</P><P><A href="https://splunkbase.splunk.com/app/1845/#/details" target="_blank">FireEye App for Splunk Enterprise v3 | Splunkbase</A>&nbsp;</P><P>But not working.&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Sun, 24 Oct 2021 12:34:32 GMT https://community.splunk.com/t5/Getting-Data-In/FireEye-HX-integration/m-p/572149#M101265 kiranpanchavat1 2021-10-24T12:34:32Z https://community.splunk.com/t5/Getting-Data-In/FireEye-HX-integration/m-p/572152#M101266 <P>I haven't touched HX for few years so I don't remember exactly but I suppose this way you set up forwarding log on default syslog port. Do you have a listener on your splunk server on udp:514?</P> Sun, 24 Oct 2021 13:09:54 GMT https://community.splunk.com/t5/Getting-Data-In/FireEye-HX-integration/m-p/572152#M101266 PickleRick 2021-10-24T13:09:54Z https://community.splunk.com/t5/Getting-Data-In/FireEye-HX-integration/m-p/572153#M101267 <P><a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/231884">@PickleRick</a>&nbsp;</P><P>Cool. We have UDP opened on all the syslog forwarders.&nbsp;</P> Sun, 24 Oct 2021 13:11:56 GMT https://community.splunk.com/t5/Getting-Data-In/FireEye-HX-integration/m-p/572153#M101267 kiranpanchavat1 2021-10-24T13:11:56Z https://community.splunk.com/t5/Getting-Data-In/FireEye-HX-integration/m-p/572154#M101268 <P><a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/231884">@PickleRick</a>&nbsp;</P><P>&nbsp;</P><P>UDP ports has been opened already . We are receiving the fireeye NX, EX and CMS logs not HX logs. Not sure is there any configuration we need to change on fireeye side .&nbsp;</P><P>can you please post this comment on any splunk slack channels and get the update ASAP.&nbsp;</P><P>Thanks for your help in advance.&nbsp;</P> Sun, 24 Oct 2021 13:39:07 GMT https://community.splunk.com/t5/Getting-Data-In/FireEye-HX-integration/m-p/572154#M101268 kiranpanchavat1 2021-10-24T13:39:07Z https://community.splunk.com/t5/Getting-Data-In/FireEye-HX-integration/m-p/572155#M101269 <P><a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/231884">@PickleRick</a>&nbsp;</P><P>&nbsp;</P><P>We are receiving syslog logs not HX application logs . We tried both GUI and CLI options but no luck .&nbsp;</P> Sun, 24 Oct 2021 13:45:10 GMT https://community.splunk.com/t5/Getting-Data-In/FireEye-HX-integration/m-p/572155#M101269 kiranpanchavat1 2021-10-24T13:45:10Z