Collecting Information to Triage Alerts
Appliances can collect information to help determine how and why an alert was triggered. The information can help FireEye Technical Support determine how an alert was generated and whether it is a false positive. This saves time spent manually searching for and downloading alert data.
The information is gathered into a bundle. The bundle includes appliance and configuration information, submission and email analysis data, alert information, artifacts, samples, parsed logs, and so on.
IMPORTANT: Use this feature only with guidance from FireEye Technical Support. Only Technical Support can retrieve the bundle stored on the appliance and open the password-protected bundle.
To collect the information:
- Log in to the Malware Analysis Web UI.
- Click an analysis ID to open the Analysis Details page.
- Click Prepare Triage Bundle.
- When the bundle is ready, contact Technical Support to download and retrieve it.
NOTE: To collect the information using the API, you specify the alert UUID. See the FireEye API Reference Guide for details.