This article covers the step-by-step procedure to send data such as endpoints, policy, acquisitions, alerts, source alerts, conditions, indicators, and containment from your Trellix Endpoint Security instance to the Human Managed platform via API.
Human Managed will establish a connection to pull Trellix Endpoint Security data from your instance. Some parts of this this guide is derived from Trellix’s Official Docs Website.
Step 1: Create a service request for Human Managed to configure the API Receiver
- Submit a request
- In the Subject, type or select Connect Trellix Endpoint Security via API
- Once the ticket has been accepted by Human Managed and the ticket status has been updated, follow the next steps.
Step 2: Enable Trellix Endpoint API Documentation Module
You can enable and disable the API Documentation module directly in the Endpoint Security Web UI’s Modules Page:
To enable the Endpoint API Documentation Module:
- Log in to the Endpoint Security Web UI as an administrator.
- From the Modules menu, select HX Module Administration to access the Modules page.
- On the Modules page, locate the Endpoint API Documentation module and click the Actions icon (the gear symbol) and select Enable to enable the module. You can Disable the module there as well.
Step 3: Configure API User Accounts or API Token
To submit API requests to the Endpoint Security server, HM must have either an API User Account.
To use an API user account, an Endpoint Security Administrator must create either an api_admin or api_analyst account. Human Managed only needs api_analyst account for collecting data. If actions need to be taken using Trellix Endpoint Security, api_admin will be required.
Step 4: Submit your credentials to Human Managed
In the same service request ticket you opened in Step 1, update the ticket with the following details:
Trellix Endpoint Security User Account username and password
Comments
0 comments
Please sign in to leave a comment.