Actions for Trellix ePolicy Orchestrator
- Send Data to Trellix ePolicy Orchestrator. Sends a custom set of Lucidum data to Trellix ePolicy Orchestrator.
Use Cases
Below are the possible use cases for these actions:
- If you want to run Lucidum “headless”, you can send relevant data to Trellix ePolicy Orchestrator on a regular schedule.
- You can send normalized, enriched Lucidum data to Trellix ePolicy Orchestrator to be indexed, searched, and analyzed.
Prerequisites
To execute Trellix ePolicy Orchestrator actions, you must:
- Configure a Trellix ePolicy Orchestrator API connection beforehand. The required parameters are described in the instructions for creating a Trellix ePolicy Orchestrator connector in Lucidum at https://lucidum.io/docs/trellix-epolicy-orchestrator/.
NOTE. The specified account should have read and write permissions.
Workflows
- Creating a new Configuration and a new Action
- Cloning an Existing Action
- Creating a new Action from the Location Results page
- Editing a Configuration
- Editing an Action
- Viewing Information about an Action
Trellix ePolicy Orchestrator Configuration
To create a configuration for Trellix ePolicy Orchestrator actions:
- Configuration Name. Identifier for the Configuration. This name will appear in the Lucidum Action Center.
- URL. The URL of the Trellix ePolicy Orchestrator (ePO) server and the port to communicate with. For example, https://10.4.1.11:8443
- Username. The user name for a Trellix ePolicy Orchestrator account that has read and write access to API data.
- Password. The password for a Trellix ePolicy Orchestrator account that has read and write access to API data.
- Max # of Records per Payload. The maximum number of records to send to Trellix ePolicy Orchestrator in each action. The default value is “50”.
Create a New Action
To create an action for Trellix ePolicy Orchestrator, contact Lucidum customer care.