Enabling or Disabling AV-Suite Integration Using the CLI

Use the CLI commands to enable or disable AV-Suite integration between the appliance and the DTI cloud.

AV-suite version 6 must be configured so that AV-Suite can receive suspicious object hashes through the DTI network and determine whether those hashes have been seen before.

You can view the results of this integration only in the Web UI.

Prerequisites

  • Administrator or Operator access to the Malware Analysis appliance
  • An established connection to the Internet
  • A connection to the DTI Cloud
  • A FIREEYE_SUPPORT license

To enable AV-Suite integration:

  1. Enable the CLI configuration mode.

    hostname > enable
    hostname # configure terminal

  2. Enable AV-Suite integration on the appliance.

    hostname (config) # static-analysis av-suite enable

  3. Verify the status of AV-Suite integration.

    hostname (config) # show static-analysis config
    
      Static Analysis enabled                   : yes
        AV-suite enabled                       : yes
        AV-suite version                        : 6
        SA on AV-suite whitelist enabled        : no
        AV-check enabled                        : yes
        Dropper enabled                         : yes
        YARA enabled                            : yes
      .....

To disable AV-Suite integration:

  1. Enable the CLI configuration mode.

    hostname > enable
    hostname # configure terminal

  2. Disable AV-Suite integration on the appliance.

    hostname (config) # no static-analysis av-suite enable

  3. Verify the status of AV-Suite integration.

    hostname (config) # show static-analysis config
    
      Static Analysis enabled                   : yes
        AV-suite enabled                       : no
        AV-suite version                        : 6
        SA on AV-suite whitelist enabled        : no
        AV-check enabled                        : yes
        Dropper enabled                         : yes
        YARA enabled                            : yes
      .....
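
The verification step in both procedures can be checked from a saved copy of the `show static-analysis config` output. The following is an added example, not part of the original documentation or the vendor's tooling; the function names are hypothetical and the sample text is copied from the output shown above.

```python
# Added example: audit saved "show static-analysis config" output.
# parse_config and av_suite_findings are hypothetical helper names.

# Sample copied from the enable procedure's verification output above.
SAMPLE_ENABLED = """\
  Static Analysis enabled                   : yes
    AV-suite enabled                       : yes
    AV-suite version                        : 6
    SA on AV-suite whitelist enabled        : no
    AV-check enabled                        : yes
    Dropper enabled                         : yes
    YARA enabled                            : yes
  .....
"""

def parse_config(text):
    """Return {setting name: value} for every 'name : value' line."""
    settings = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        # Skip prompts, blank lines and the '.....' elision marker.
        if sep and name.strip() and value.strip():
            settings[name.strip()] = value.strip()
    return settings

def av_suite_findings(text, want_enabled=True):
    """List mismatches between the output and the intended state."""
    settings = parse_config(text)
    findings = []
    expected = "yes" if want_enabled else "no"
    # Exact-name lookup: a substring search for "AV-suite" and "enabled"
    # would also hit "SA on AV-suite whitelist enabled".
    state = settings.get("AV-suite enabled")
    if state is None:
        findings.append("'AV-suite enabled' line not found in output")
    elif state != expected:
        findings.append(f"AV-suite enabled is '{state}', expected '{expected}'")
    # The page requires AV-suite version 6 for the integration to work.
    if want_enabled and settings.get("AV-suite version") != "6":
        findings.append("AV-suite version is not 6")
    return findings

if __name__ == "__main__":
    for problem in av_suite_findings(SAMPLE_ENABLED) or ["OK"]:
        print(problem)
```

Pass `want_enabled=False` when auditing an appliance where the integration is meant to be off.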