trellix-enterprise/EDR-Integration-Scripts

TRELLIX EDR Integrations

This is a collection of different TRELLIX EDR integration scripts.

These scripts are intended as a guideline and are not supported by Trellix. If you need help integrating scripts with EDR, reach out to Trellix Professional Services.

Client Credential Generator

To authenticate against the TRELLIX EDR API, client credentials need to be generated with the TRELLIX EDR Credential Generator first.

  1. Log on to TRELLIX EPO Console using your credentials

  2. Go to the "Appliance and Server Registration" page from the menu

  3. Click on "Add" button

  4. Choose client type "TRELLIX Endpoint Detection and Response"

  5. Enter number of clients (1)

  6. Click on the "Save" button

  7. Copy the "Token" value from the table under the section "TRELLIX Endpoint Detection and Response"

  8. Pass the token value as the input parameter to the trellix_edr_creds_generator.py script

  9. The script generates the client_id and client_secret and prints them to the output console, or optionally writes them to a file

  10. Use the client_id, client_secret for authentication against the TRELLIX EDR API
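
An added example (not part of this repository's scripts) of keeping the generated client_id and client_secret in an owner-only file on a POSIX system and refusing to load them if other users can read the file. The JSON layout and the function names are assumptions, since the output format of trellix_edr_creds_generator.py is not shown here.

```python
import json
import os
import stat
import tempfile


def save_credentials(path, client_id, client_secret):
    """Write the credential pair to `path`, accessible by the owner only."""
    payload = json.dumps({"client_id": client_id, "client_secret": client_secret})
    # O_EXCL refuses to overwrite an existing file; mode 0o600 is applied at
    # creation, so the secret never sits on disk with wider permissions.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(payload)


def load_credentials(path):
    """Return (client_id, client_secret); reject files other users can access."""
    with open(path) as fh:
        # Check the mode on the open descriptor, not the path, to avoid a race.
        mode = stat.S_IMODE(os.fstat(fh.fileno()).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise PermissionError(f"{path} has mode {oct(mode)}; expected 0o600")
        data = json.load(fh)
    if not isinstance(data, dict):
        raise ValueError("credential file must contain a JSON object")
    missing = {"client_id", "client_secret"} - data.keys()
    if missing:
        raise ValueError(f"missing fields: {sorted(missing)}")
    return data["client_id"], data["client_secret"]


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    target = os.path.join(tempfile.mkdtemp(), "edr_creds.json")
    save_credentials(target, "constructed-client-id", "constructed-client-secret")
    client_id, _secret = load_credentials(target)
    print("loaded credentials for", client_id)
```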

Sample Scripts

TRELLIX EDR Action History: This is a script to retrieve the action history from TRELLIX EDR.

TRELLIX EDR Device Search: This is a script to query the device search in TRELLIX EDR.

TRELLIX EDR Real-Time-Search and Reaction Script: This is a collection of scripts that start RTS for hashes or processes and provide the ability to execute reactions.

TRELLIX EDR Threats: This is a script to retrieve the threat detections from TRELLIX EDR (Monitoring Dashboard).

About

Trellix EDR Integration Scripts for MVision API
