Fidelis
Version: 3.0.0
Fidelis Elevate is a complete network and endpoint automated threat detection and response platform that improves SOC effectiveness and efficiency. It delivers comprehensive visibility, alert validation, and increased speed to a response by applying industry-leading threat intelligence (Fidelis Insight) to real-time and historical data.
Connect Fidelis with LogicHub
- Navigate to Automations > Integrations.
- Search for Fidelis.
- Click Details, then the + icon. Enter the required information in the following fields.
- Label: Enter a connection name.
- Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
- Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).
- Remote Agent: Run this integration using the LogicHub Remote Agent.
- Fidelis API URL: URL to Web Server.
- Username: Username to log in with.
- Password: Password to log in with.
- After you've entered all the details, click Connect.
Actions for Fidelis
List Alerts
Get the list of all alerts.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Severity | Severity (Default is All results). | Required |
| Threat Score | Minimum Threat Score to return (Default is 0 Threat Score). | Required |
| Malware Score | Minimum Malware Score to return (Default is Empty value). | Required |
| Ticket Status | Ticket Status (Default is All results). | Required |
| Maximum no of rows to retrieve | Maximum no of rows to retrieve (Default is 1000 rows and Max Limit is 100000 rows). | Required |
| Time Range | Last X time range, days:hours:minutes:seconds. Example: 01:00:00:00. (Default is Batch start time). | Required |
Get Alert Details
Get the details of an alert.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Alert ID column name | Column name from parent table containing alert id. | Required |
Delete Alert
Delete an alert by ID.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Alert ID column name | Column name from parent table containing alert id. | Required |
Release Notes
v3.0.0- Updated architecture to support IO via filesystemv2.0.1- Added documentation link in the automation library.
Updated about 1 year ago