How do you or your organization use this solution?
We use it for everything, like our logs, data allocation, and ransomware. We basically do malware objects and malware callbacks. I think it's our integration tool. It's our centralized SIEM, where we look at all the events and alerts and then do a tryout. The major playbooks that we use are for ransomware and phishing campaigns. We basically use it for our PTI-based credit card fraud detection.
The solution is typically used for sub-services, managed detection and response services, as well as advanced sub-services. The solution was managed by the company where I worked, and we offered the services to the customer.
We have evaluated great vendors like QRadar, Splunk, and all the big players, but they are certainly lacking in getting all the investigations done properly. With FireEye Helix, if a customer already uses any of the FireEye endpoint solutions, the response part is very fast and the investigation is also very fast. You can do a lot of investigation, depending on what that product is like. If you want to clarify something on the endpoint, you have to do it manually, but if you are a FireEye customer, you can do it right away. The email security offering from FireEye also directly integrates with Helix, so if you have to investigate malware, you can do it from Helix. It's very powerful and centered on the cloud.
What do you like most about FireEye Helix?
Hi dear community members,
There are a lot of SIEM solutions. SIEMs are not something you just install and wait for great things to happen, right?
What questions should someone ask before purchasing a SIEM?
Help your peers ask the right questions so that they'll make the best decision.