About Fidelis ThreatBridge
The Threatbridge Service, installed by the Fidelis Endpoint installer on the Windows Server, provides a continuously-changing stream of threat information to your Fidelis Endpoint system. This threat information can be used to detect suspicious activity in both collected and live data.
You can add threat feeds for Fidelis Endpoint to use in processing events against threat intelligence. A threat feed has threat indicators, which contain information identifying malicious threats.
SIRP’s integration with Fidelis EDR allows security teams to execute threat hunting queries to Threatbridge right from SIRP.
SIRP’s Fidelis EDR integration app allows you to execute the following actions:
Perform a search on list records by address
Perform a search on list records by hash
Perform a wildcard search for a list record for partial matches
Enable and Configure Fidelis EDR
The Threatbridge Service can expose APIs through the HTTP or HTTPS protocols, as specified here:
<add key="ServiceProtocol" value="http">
For additional security, use HTTPS protocols. For information about using a proxy connection for ThreatBridge, see “Configuring a Proxy Connection for ThreatBridge" in the Server Installation Guide.
On the Windows Server, you can verify the base URL of the APIs at http://localhost:9566/ThreatBridgeService
Copy the ThreatBridge Service API Key
The API Key is specified here:
"threatBridgeApiKey": "MYAPIKEY" />
Copy the API key
Enable the Fidelis EDR in SIRP
First, log in to SIRP, then go to Apps from the left navigation bar.
Locate the app named Fidelis ThreatBridge Service.
Enable the Fidelis EDR by clicking on the toggle button under the Status Column.
Once enabled, you will see a form to add configuration details
Add the following details and click Save:
URL: <URL of the Fidelis Instance>
API-Key: <API Key copied from the ThreatBridge config file>