Skip to main content Link Menu Expand (external link) Document Search Copy Copied

ResourceName - FEHxDevice

  1. Resource Data
  2. Example
    1. FPL Code
    2. Table Results

The FEHxDevice resource loads …

Resource Data

An example of what this resource includes:

"@FEHxDevice": {
    "_id": "KpZXgaaSDFasdfN4XI",
    "ad_common_names": "KBSL881KD22",
    "ad_domain_comps": "usa, abccorp",
    "ad_org_units": "Computers, Europe, Kiosk Stations",
    "agent_version": "34.28.6",
    "containment_missing_software": false,
    "containment_queued": false,
    "containment_state": "normal",
    "domain": "ABCD",
    "excluded_from_containment": false,
    "gmt_offset_seconds": 7200,
    "hostname": "ABCDKD22",
    "initial_agent_checkin": "2022-05-30T06:34:47.000Z",
    "last_alert": null,
    "last_alert_timestamp": null,
    "last_audit_timestamp": "2022-08-29T13:10:46.496Z",
    "last_exploit_block": null,
    "last_exploit_block_timestamp": null,
    "last_poll_ip": "",
    "last_poll_timestamp": "2022-08-29T13:07:31.000Z",
    "os": {
      "bitness": "64-bit",
      "kernel_version": null,
      "patch_level": null,
      "platform": "win",
      "product_name": "Windows 10 Enterprise"
    "primary_ip_address": "",
    "primary_mac": "11-22-bb-dd-c4-e8",
    "reported_clone": false,
    "stats": {
      "acqs": 0,
      "alerting_conditions": 0,
      "alerts": 0,
      "exploit_alerts": 0,
      "exploit_blocks": 0,
      "false_positive_alerts": 0,
      "false_positive_alerts_by_source": {},
      "generic_alerts": 0,
      "malware_alerts": 0,
      "malware_cleaned_count": 0,
      "malware_false_positive_alerts": 0,
      "malware_quarantined_count": 0
    "sysinfo": {
      "url": "/hx/api/v3/hosts/KpZXgaaSDFasdfN4XI/sysinfo"
    "timezone": "W. Europe Daylight Time",
    "url": "/hx/api/v3/hosts/KpZXgaaSDFasdfN4XI"
  "@customer": "default",
  "@dayIndex": "20220829",
  "@key": "KpZXgaaSDFasdfN4XI",
  "@resource_type": "FEHxDevice",
  "@source": "FireEyeHx",
  "@timestamp": 1661778695690,
  "@type": "resource"


FPL Code

An example of loading the basic inforamtion of the devices:

function loadDevices()
    load resource FEHxDevice
    let {uuid="_id", ad_common_names, hostname,last_poll_ip,last_poll_timestamp,primary_ip_address, osName="os.product_name"}=f("@FEHxDevice")
    sort 10 count_department

stream  devices=loadDevices()

Table Results

Results of the above FPL code:

Page last updated: 2022 Oct 27