Configure FireEye TAP Cloud Collector

The FireEye® Threat Analytics Platform (TAP) generates events securely using the cloud connector. Create the FireEye connector to send BeyondInsight events to the FireEye TAP server.

You need a FireEye Comm Broker Sender installed and available to BeyondInsight.

  1. In the BeyondInsight Console, go to Configuration > General > Connectors.
  2. In the Connectors pane, click Create New Connector.
  3. Enter a name for the connector.
  1. Select FireEye TAP Cloud Collector from the Connector Type list.
  2. Click Create Connector.
  3. Leave Active (yes) enabled.
  4. Provide the required details for your FireEye Comm Broker Sender:
    • Select the protocol from the Available Output Pipelines list: TCP, TCP-SSL, or UDP.
    • Enter Host Name and Port.
  5. Expand Event Filters, and then select the events that you want to forward.
  6. Click Test Connector to send a test event message.
  7. Click Create Connector.

If an event is received from Password Safe Cloud, a Resource Zone can now be associated with any connector that sends data using syslog. If selected, Password Safe Cloud proxies the syslog data through the Resource Brokers associated with that Resource Zone.

For more information, please see your FireEye documentation or contact the vendor to ensure the proper installation of the Comm Broker Sender.