AV-Suite Integration

FireEye’s AV-Suite Integration feature is a DTI cloud solution that provides intelligent analysis of complete, incomplete, or corrupted network files. This feature turns on the connection between the AV client (which is embedded in the Malware Analysis appliance) and the DTI cloud.

When this connection is enabled, the AV client looks up the unique hash of each file on the DTI cloud. The DTI cloud analyzes the file and returns its analysis to the appliance. The results of this analysis are displayed in the expanded malware information on the Malware Analysis page in the Web UI.

AV-Suite integration is enabled by default and is used under all normal circumstances. Once it is enabled, no other configuration steps are necessary to run or use this feature. To disconnect the AV client from the DTI cloud for troubleshooting, use the disable command.

Task List for Managing AV-Suite Integration

Complete the steps for managing AV-Suite integration in the following order:

  1. In the CLI, specify the settings for AV-Suite integration.
  2. Verify that AV-Suite integration is enabled on the appliance by using the show static-analysis config command.
  3. View the results on the Malware Analysis page in the Web UI.