Trellix Actions

Actions for Trellix #

• Send Data to Trellix. Sends a custom set of Lucidum data to Trellix.

Use Cases #

Below are the possible use cases for these actions:

• If you want to run Lucidum “headless”, you can send relevant data to Trellix on a regular schedule.

• You can send normalized, enriched Lucidum data to Trellix to be indexed, searched, and analyzed.

Prerequisites #

To execute Trellix actions, you must configure a Trellix API connection beforehand.

Workflows #

• Creating a new Configuration and a new Action
• Cloning an Existing Action
• Creating a new Action from the Location Results page
• Editing a Configuration
• Editing an Action
• Viewing Information about an Action

Trellix Configuration #

To create a configuration for Trellix actions:

• Configuration Name. Identifier for the Configuration. This name will appear in the Lucidum Action Center.

• URL. The URL for the Trellix APIs. For examples, https://api.manage.trellix.com.

• Client ID. A client ID for an account with read and write access to the Trellix APIs. For details, see https://developer.manage.trellix.com/public/mvision/docs/umam and https://docs.trellix.com/bundle/iam_ag/page/UUID-4b1f4092-b6a2-3cd0-f62e-c2a576e02524.html. For details on permissions, see https://developer.manage.trellix.com/public/mvision/docs/apirra.

• Client Secret. A client secret for an account with read and write access to the Trellix APIs. For details, see https://developer.manage.trellix.com/public/mvision/docs/umam and https://docs.trellix.com/bundle/iam_ag/page/UUID-4b1f4092-b6a2-3cd0-f62e-c2a576e02524.html. For details on permissions, see https://developer.manage.trellix.com/public/mvision/docs/apirra.

• Proxy. If you are using a proxy server to allow this connector to communicate with on-premises devices, enter the IP address: port for the proxy server, usually 192.168.255.6:3128.

• Max # of Records per Payload. The maximum number of records to send to Trellix in each action. The default value is “50”.

Manage Action Token #

To describe an action token for Trellix actions:

1. Click the token icon.

2. In the Manage Action Tokens page, click the plus-sign in the upper right.

Create a New Action #

To create an action for Trellix, contact Lucidum customer care.