Trellix
Trellix has been involved in the detection and prevention of major cybersecurity attacks. It provides hardware, software, and services to investigate cybersecurity attacks, protect against malicious software, and analyze IT security risks.
Configuration
Name | Type | Description |
---|---|---|
client_id | string | Client ID to interact with the Trellix API |
client_secret | string | Client secret to interact with the Trellix API |
api_key | string | API key to interact with the Trellix API |
delay | integer | Delay between runs of the connector |
base_url | string | Base URL of the Trellix API |
auth_url | string | URL of the authentication server |
Triggers
[ALPHA] Get Trellix EDR events
Trigger playbook to get Trellix events information
Arguments
Name | Type | Description |
---|---|---|
frequency | integer | Interval, in seconds, between two fetches of events |
intake_server | string | Address of the intake server (e.g. 'https://intake.sekoia.io') |
intake_key | string | Intake key to use when sending events |
chunk_size | integer | The max size of chunks for the batch processing |
ratelimit_per_minute | integer | Maximum number of requests per minute |
ratelimit_per_day | integer | Maximum number of requests per day |
records_per_request | integer | Number of records to fetch per request |
[ALPHA] Get Trellix ePO events
Trigger playbook to get Trellix events information
Arguments
Name | Type | Description |
---|---|---|
frequency | integer | Interval, in seconds, between two fetches of events |
intake_server | string | Address of the intake server (e.g. 'https://intake.sekoia.io') |
intake_key | string | Intake key to use when sending events |
chunk_size | integer | The max size of chunks for the batch processing |
ratelimit_per_minute | integer | Maximum number of requests per minute |
ratelimit_per_day | integer | Maximum number of requests per day |
records_per_request | integer | Number of records to fetch per request |
Extra
Module Trellix
v1.10.3