Make sure the MAS user is an admin user, not analyst.
To verify the problem you can use the attached python script.
Connect to the Security Analytics appliance via SSH.
1. Backup the existing fireeye.py script file: cp /usr/lib64/python3.3/site-packages/derp/providers/fireeye.py /usr/lib64/python3.3/site-packages/derp/providers/fireeye.bak
1. Replace the fireeye.py file in /usr/lib64/python3.3/site-packages/derp/providers
with the attached version of the file
2. Restart derpd:
service derpd restart
3. Request for FireEye analysis
4. /var/log/messages will show the permission error if you search for the submitted filename.