Update HXTool to support MD-VPN connected HX appliances during IR through MD Device Proxy #82

@z3k3z

(opening on behalf of marius.fodoreanu@mandiant.com, ref: ENDPT-84803)

Hello,

As part of multiple IR engagements, we are often required to use Physical HX on-premise within the client environment.
These HX, when registered through Managed Defense VPN, can be used much more efficiently by IR consultants remotely and securely.

Currently, fenix natively supports this MD-VPN Device Proxy connectivity and this is very useful during IR.

HXTool currently does not support connecting to HX Appliances through this MD-VPN Device Proxy service, which requires an MD pre-authentication, so it is not possible to use HXTool advanced hunting/stacking features during IR engagements with HX appliances connected through MD-VPN.

This is a formal request to assess and, if possible, implement support within HXTool to be able to connect to on-premise HX appliances that are registered to Managed Defense VPN and reachable through the Device Proxy service: .newhx-web-proxy.md.services.fireeye.com

Thank you
marius.fodoreanu@mandiant.com

Labels: enhancement (New feature or request)