Fidelis ThreatBridge Integration
Written by Muhammad Omar Khan
Updated over a week ago

About Fidelis ThreatBridge

The ThreatBridge Service, installed by the Fidelis Endpoint installer on the Windows Server, provides a continuously changing stream of threat information to your Fidelis Endpoint system. This threat information can be used to detect suspicious activity in both collected and live data.

You can add threat feeds for Fidelis Endpoint to use in processing events against threat intelligence. A threat feed has threat indicators, which contain information identifying malicious threats.

SIRP’s integration with Fidelis EDR allows security teams to run threat hunting queries against ThreatBridge directly from SIRP.

Supported Actions

SIRP’s Fidelis EDR integration app allows you to execute the following actions:

S.no | Action | Description
1 | Search IP | Perform a search on list records by address
2 | Search Hash | Perform a search on list records by hash
3 | Wildcard Search | Perform a wildcard search for a list record for partial matches

Enable and Configure Fidelis EDR

The ThreatBridge Service can expose its APIs over HTTP or HTTPS, as specified here:

\Program Files\Fidelis\Endpoint\ThreatBridge\ThreatBridgeService.exe.config

<add key="ServiceProtocol" value="http" />

For additional security, use HTTPS, which encrypts the traffic between SIRP and the ThreatBridge Service. For information about using a proxy connection for ThreatBridge, see “Configuring a Proxy Connection for ThreatBridge” in the Server Installation Guide.

On the Windows Server, you can verify the base URL of the APIs at http://localhost:9566/ThreatBridgeService

Copy the ThreatBridge Service API Key

The API Key is specified here:

\ProgramData\Fidelis\Endpoint\Shared\SharedSettings.json

"threatBridgeApiKey": "MYAPIKEY"

  1. Copy the API key

Enable the Fidelis EDR in SIRP

  1. First, log in to SIRP, then go to Apps from the left navigation bar.

  2. Locate the app named Fidelis ThreatBridge Service.

  3. Enable the Fidelis EDR by clicking on the toggle button under the Status Column.

Once enabled, you will see a form to add configuration details.

Add the following details and click Save:

  1. URL: <URL of the Fidelis Instance>

  2. API-Key: <API Key copied from the ThreatBridge config file>
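
An added pre-flight check, not part of the original guide or of Fidelis or SIRP code: it parses the contents of the two files named above and compares them with the URL you are about to enter in SIRP, without ever printing the key. The file contents are constructed samples, the function names are hypothetical, and it assumes the HTTPS setting is written as https.

```python
import json
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample file contents (not copied from a real server).
SAMPLE_SERVICE_CONFIG = '<configuration><appSettings><add key="ServiceProtocol" value="http" /></appSettings></configuration>'
SAMPLE_SHARED_SETTINGS = '{"threatBridgeApiKey": "MYAPIKEY"}'


def service_protocol(config_xml):
    """Return the ServiceProtocol value from ThreatBridgeService.exe.config text."""
    for node in ET.fromstring(config_xml).iter("add"):
        if node.get("key") == "ServiceProtocol":
            return (node.get("value") or "").strip().lower()
    return None


def find_api_key(node):
    """Find threatBridgeApiKey at any depth of the parsed SharedSettings.json."""
    if isinstance(node, dict):
        if "threatBridgeApiKey" in node:
            return node["threatBridgeApiKey"]
        node = list(node.values())
    if isinstance(node, list):
        for child in node:
            found = find_api_key(child)
            if found is not None:
                return found
    return None


def preflight(config_xml, settings_json, sirp_url):
    """Return a list of findings; an empty list means the values are consistent."""
    findings = []
    proto = service_protocol(config_xml)
    scheme = urlparse(sirp_url).scheme.lower()
    if proto is None:
        findings.append("ServiceProtocol key not found")
    elif proto != "https":  # assumption: the HTTPS value is written "https"
        findings.append("ServiceProtocol is '%s': API traffic is not encrypted" % proto)
    if proto and scheme != proto:
        findings.append("SIRP URL scheme '%s' does not match ServiceProtocol '%s'" % (scheme, proto))
    key = find_api_key(json.loads(settings_json))
    if not key:
        findings.append("threatBridgeApiKey is missing or empty")
    elif key == "MYAPIKEY":
        findings.append("threatBridgeApiKey is still the documentation placeholder")
    return findings
```

On the server, pass the text of ThreatBridgeService.exe.config and SharedSettings.json in place of the two samples.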
