This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Endpoint Security (HX)

To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.

Labels

Axoflow automatically adds the following labels to data collected from this source:

label value
vendor trellix
product hx
format text-json
format cef

Sending data to Splunk

When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:

sourcetype index
hx_json fireeye
fe_json fireeye
hx_cef_syslog fireeye

Tested with: FireEye Add-on for Splunk Enterprise

Earlier name/vendor

FireEye Endpoint Security (HX)