| Attribute | Value |
|---|---|
| Connector ID | TrellixConnector |
| Publisher | Microsoft |
| Used in Solutions | Trellix |
| Collection Method | CCF |
| Connector Definition Files | Trellix_DataConnectorDefinition.json |
| CCF Configuration | Trellix_PollingConfig.json |
| CCF Capabilities | OAuth2, Paging |
The Trellix Endpoint Security data connector enables you to ingest security events from Trellix ePO (ePolicy Orchestrator) into Microsoft Sentinel. This connector uses OAuth2 client credentials authentication and automatically handles pagination to collect comprehensive endpoint security data including threat detections, analyzer information, source and target system details, and threat response actions.
This connector ingests data into the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
| TrellixEvents_CL | ? | ✓ | ? |
💡 Tip: Tables with Ingestion API support allow data ingestion via the Azure Monitor Data Collector API, which also enables custom transformations during ingestion.
Resource Provider Permissions:
- Workspace (Workspace): Read and Write permissions are required.
⚠️ Note: These instructions were automatically generated from the connector's user interface definition file using AI and may not be fully accurate. Please verify all configuration steps in the Microsoft Sentinel portal.
1. API Configuration
Configure your Trellix ePO API connection.
- API Base URL: https://api.manage.trellix.com

Provide your API key for authentication. This will be sent in the x-api-key header.
- API Key: (password field)
ℹ️ The API key will be securely stored and used for authentication with the Trellix ePO API.
2. Authentication Configuration
Configure OAuth2 authentication credentials.
- Token endpoint: https://iam.cloud.trellix.com/iam/v1.0/token

Configure OAuth2 client credentials for API access. Read about the Trellix API authorization model at https://developer.manage.trellix.com/public/mvision/docs/umam
- Client ID: Your client ID
- Client Secret: (password field)
ℹ️ OAuth2 authentication provides secure access to your API endpoints.
3. Enable Connector
Activate the Trellix Endpoint Security connector.
Review your configuration and enable the connector to start collecting security events.
- Click 'Connect Trellix Endpoint Security' to establish connection
After connecting, monitor the connector status in the Data connectors page. Data should begin appearing within 5-10 minutes.