This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Trellix

1: Central Management System (CMS)

2: Email Threat Prevention (ETP)

3: Endpoint Security (HX)

4: ePolicy Orchestrator (EPO)

5: MPS

1 - Central Management System (CMS)

Central Management System (CMS): Centralized policy and configuration management platform for Trellix security products.

To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.

Labels

Axoflow automatically adds the following labels to data collected from this source:

label	value
vendor	trellix
product	cms
format	cef

Sending data to Splunk

When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:

sourcetype	source	index
trellix:cms	trellix:cms	netops

Sending data to Google SecOps

When sending the data collected from this source to a dynamic Google SecOps destination, Axoflow sets the following log type: FIREEYE_CMS.

2 - Email Threat Prevention (ETP)

Email Threat Prevention (ETP): Analyzes and filters email traffic to block phishing, malware, and targeted email-based threats.

To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.

Labels

Axoflow automatically adds the following labels to data collected from this source:

label	value
vendor	trellix
product	etp
format	cef

Sending data to Splunk

When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:

sourcetype	index
fe_etp	fireeye

Sending data to Google SecOps

When sending the data collected from this source to a dynamic Google SecOps destination, Axoflow sets the following log type: FIREEYE_ETP.

3 - Endpoint Security (HX)

Endpoint Security (HX): Detects and responds to advanced threats on endpoints using behavior-based analysis and threat intel.

To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.

Labels

Axoflow automatically adds the following labels to data collected from this source:

label	value
vendor	trellix
product	hx
format	text-json
format	cef

Sending data to Splunk

When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:

sourcetype	index
hx_json	fireeye
fe_json	fireeye
hx_cef_syslog	fireeye

Tested with: FireEye Add-on for Splunk Enterprise

Sending data to Google SecOps

When sending the data collected from this source to a dynamic Google SecOps destination, Axoflow sets the following log type: FIREEYE_HX.

Earlier name/vendor

FireEye Endpoint Security (HX)

4 - ePolicy Orchestrator (EPO)

ePolicy Orchestrator (EPO): Analyzes and filters email traffic to block phishing, malware, and targeted email-based threats.

To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.

Labels

Axoflow automatically adds the following labels to data collected from this source:

label	value
vendor	trellix
product	epo

Sending data to Splunk

When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:

sourcetype	index	source
mcafee:epo:syslog	epav	trellix_endpoint_security

Sending data to Google SecOps

When sending the data collected from this source to a dynamic Google SecOps destination, Axoflow sets the following log type: MCAFEE_EPO.

Earlier name/vendor

McAfee ePolicy Ochestrator (EPO)

5 - MPS

MPS: Appliance for detecting and blocking advanced threats through inline malware inspection.

To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.

Labels

Axoflow automatically adds the following labels to data collected from this source:

label	value
vendor	trellix
product	mps
format	cef

Sending data to Splunk

When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:

sourcetype	source	index
trellix:mps	trellix:mps	netops