Endpoint Security (HX)
Endpoint Security (HX): Detects and responds to advanced threats on endpoints using behavior-based analysis and threat intel.
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
| label | value |
|---|---|
| vendor | trellix |
| product | hx |
| format | text-json |
| format | cef |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
| sourcetype | index |
|---|---|
| hx_json | fireeye |
| fe_json | fireeye |
| hx_cef_syslog | fireeye |
Tested with: FireEye Add-on for Splunk Enterprise
Sending data to Google SecOps
When sending the data collected from this source to a dynamic Google SecOps destination, Axoflow sets the following log type: FIREEYE_HX.
Earlier name/vendor
FireEye Endpoint Security (HX)