Endpoint Security (HX): Detects and responds to advanced threats on endpoints using behavior-based analysis and threat intel.
To onboard such a source to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
| label | value |
|---|---|
| vendor | trellix |
| product | hx |
| service | cef, fenotify |
| format | text-json | cef |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
| sourcetype | index |
|---|---|
| hx_json | fireeye |
| fe_json | fireeye |
| hx_cef_syslog | fireeye |
Tested with: FireEye Add-on for Splunk Enterprise
Sending data to Google SecOps
When sending the data collected from this source to a dynamic Google SecOps destination, Axoflow sets the following log type: FIREEYE_HX.
Earlier name/vendor
FireEye Endpoint Security (HX)