This is a collection of different TRELLIX EDR integration scripts.
To authenticate against the TRELLIX EDR API, client credentials need to be generated with the TRELLIX EDR Credential Generator first.
- Log on to the TRELLIX EPO Console using your credentials
- Go to the "Appliance and Server Registration" page from the menu
- Click on the "Add" button
- Choose client type "TRELLIX Endpoint Detection and Response"
- Enter the number of clients (1)
- Click on the "Save" button
- Copy the "Token" value from the table under the section "TRELLIX Endpoint Detection and Response"
- Pass the token value as the input parameter to the trellix_edr_creds_generator.py script
- The script generates the client_id and client_secret, prints them to the output console and optionally writes them to a file
- Use the client_id and client_secret for authentication against the TRELLIX EDR API
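The last two steps hand you a client_id and client_secret that every other script in the collection depends on, so the way they are stored and loaded matters. The following Python is an added example and not one of the repository's scripts. It assumes (the README does not say) that the generator's optional output file is JSON with the keys `client_id` and `client_secret`, and that the EDR API accepts an OAuth2 client-credentials grant with HTTP Basic client authentication; the token URL is a parameter rather than a real endpoint. The helper refuses a credential file that is readable by group or others, then assembles the token request without sending it.

```python
"""Added example (not part of the repository): load the generated
client_id/client_secret and build an OAuth2 client-credentials token request.

Assumptions not stated in the README: the generator wrote a JSON file with the
keys "client_id" and "client_secret"; the API uses the OAuth2 client-credentials
grant (RFC 6749) with HTTP Basic client authentication; the token URL is
supplied by the caller.
"""
import base64
import json
import os
import stat
import tempfile


def load_client_credentials(path):
    """Read client_id/client_secret from the generator's output file.

    A file that group or others can read is rejected before its contents are
    used, so a credential file left with loose permissions is caught early.
    """
    mode = os.stat(path).st_mode
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} is accessible to others; chmod 600 it first")
    with open(path, encoding="utf-8") as fh:
        data = json.load(fh)
    missing = [k for k in ("client_id", "client_secret") if not data.get(k)]
    if missing:
        raise ValueError("credential file lacks " + ", ".join(missing))
    return data["client_id"], data["client_secret"]


def basic_auth_header(client_id, client_secret):
    """HTTP Basic value for 'client_id:client_secret' (RFC 6749 section 2.3.1)."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def token_request(token_url, client_id, client_secret, scope):
    """Assemble the client-credentials token request (nothing is sent here)."""
    return {
        "url": token_url,
        "headers": {
            "Authorization": basic_auth_header(client_id, client_secret),
            "Content-Type": "application/x-www-form-urlencoded",
        },
        "data": {"grant_type": "client_credentials", "scope": scope},
    }


def demo():
    """Write a constructed credential file with mode 600, load it and build the request.

    Returns (request, loose_file_rejected): the assembled request and whether a
    copy of the file with mode 644 was refused by load_client_credentials.
    """
    creds = {"client_id": "example-client-id", "client_secret": "example-secret"}  # constructed
    with tempfile.TemporaryDirectory() as tmp:
        good = os.path.join(tmp, "creds.json")
        fd = os.open(good, os.O_WRONLY | os.O_CREAT, 0o600)
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(creds, fh)
        cid, secret = load_client_credentials(good)
        # placeholder URL: the real token endpoint is not given in the README
        request = token_request("https://TOKEN_URL_PLACEHOLDER/token", cid, secret, "edr.read")

        loose = os.path.join(tmp, "loose.json")
        with open(loose, "w", encoding="utf-8") as fh:
            json.dump(creds, fh)
        os.chmod(loose, 0o644)
        try:
            load_client_credentials(loose)
            rejected = False
        except PermissionError:
            rejected = True
    return request, rejected


if __name__ == "__main__":
    req, rejected = demo()
    print(req["headers"]["Authorization"], "loose file rejected:", rejected)
```

Pointing `token_request` at the actual token endpoint and posting `data` with the `headers` shown is all that remains; the secret itself never appears in a URL or log line this way, only in the Authorization header of the token request.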
TRELLIX EDR Action History: This is a script to retrieve the action history from TRELLIX EDR.
TRELLIX EDR Device Search: This is a script to query the device search in TRELLIX EDR.
TRELLIX EDR Real-Time-Search and Reaction Script: This is a collection of scripts that start a Real-Time Search (RTS) for hashes or processes and provide the ability to execute reactions.
TRELLIX EDR Threats: This is a script to retrieve the threat detections from TRELLIX EDR (Monitoring Dashboard).