Trellix Endpoint Security (HX) (formerly FireEye Endpoint Security (HX)) can be deployed as an on-premise hardware appliance, a virtual appliance, or through a cloud instance. Trellix Endpoint Security (HX) monitors each endpoint device or host, collecting real-time data of events, identifying threat activity collecting forensic data, and quarantining endpoints if necesary.
Configuring the Connector for Trellix Endpoint Security (HX) #
To configure Lucidum to ingest data from Trellix Endpoint Security (HX):
-
Log in to Lucidum.
-
In the left pane, click Connector.
-
In the Connector page, click Add Connector.
-
Scroll until you find the Connector you want to configure. Click Connect. The Settings page appears.
-
In the Settings page, enter the following:
-
Host (required) – The hostname or IP Address of the Trellix Endpoint Security (HX)ecurity management server.
-
Port (optional) – Default is 3000.
-
User Name and Password (required) – A valid user account on Trellix Endpoint Security (HX)ecurity associated with the api_admin or api_analyst role.
-
Verify SSL. For future use.
-
-
To test the configuration, click Test.
-
If the connector is configured correctly, Lucidum displays a list of services that are accessible with the connector.
-
If the connector is not configured correctly, Lucidum displays an error message.
-