Update HXTool to support MD-VPN connected HX appliances during IR through MD Device Proxy

[z3k3z]

(opening on behalf of [email protected], ref: ENDPT-84803)

Hello,

As part of multiple IR engagements, we are often required to use Physical HX on-premise within the client environment. These HX, when registered through Managed Defense VPN, can be used much more efficiently by IR consultants remotely and securely.

Currently, fenix natively supports this MD-VPN Device Proxy connectivity and this is very useful during IR.

HXTool currently does not support connecting to HX Appliances through this MD-VPN Device Proxy service, that requires a MD pre-authentication, so it is not possible to use HXTool advanced hunting/stacking features during IR engagements with HX appliances connected through MD-VPN.

This is a formal request to assess and if possible, implement support within HXTool, to be able to connect to on-premise HX appliances that are registered to Managed Defense VPN, and reachable through the Device Proxy service: <VPNapplianceID>.newhx-web-proxy.md.services.fireeye.com

Thank you [email protected]