Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Trellix NX docs #1387

Merged
merged 3 commits into from
Oct 25, 2023
Merged

Trellix NX docs #1387

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
bde5422
Trellix NX docs
vladyslav-huriev Oct 18, 2023
cbfb10e
Cleanup
vladyslav-huriev Oct 18, 2023
8a3c683
Update docs/xdr/features/collect/integrations/network/trellix_nx.md
vg-svitla Oct 19, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
43 changes: 43 additions & 0 deletions docs/xdr/features/collect/integrations/network/trellix_nx.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
uuid: bae128bb-98c6-45f7-9763-aad3451821e5
name: Trellix Network Security
type: intake

## Overview

Trellix Network Security is an effective cyberthreat protection solution that helps your organization minimize the risk of costly breaches by accurately detecting and immediately stopping advanced, targeted, and other evasive attacks hiding in internet traffic.

vg-svitla marked this conversation as resolved.
Show resolved Hide resolved
!!! warning
Important note - This format is currently in beta. We highly value your feedback to improve its performance.

{!_shared_content/operations_center/detection/generated/suggested_rules_bae128bb-98c6-45f7-9763-aad3451821e5_do_not_edit_manually.md!}

{!_shared_content/operations_center/integrations/generated/bae128bb-98c6-45f7-9763-aad3451821e5.md!}

## Configure

This setup guide will show you how to forward your Trellix Network Security logs to Sekoia.io by means of a syslog transport channel.

### Prerequisites

You should have:

- Have an admin access in Trellix platform.
- Have an internal log concentrator (Rsyslog)

### Enable Syslog forwarding for Trellix Network Security

1. Log onto the Trellix NX console
2. Go to `Settings > Notifications`
3. Click on `rsyslog` and check the `Event type` check box below
4. In the Settings panel, select the `Default format` as `CEF`
5. In the `Rsyslog Server Listing`, type a name for the new entry then click on the button `Add Rsyslog Server`
6. For the new server, check the `Enabled` checkbox, type the ip address of your syslog concentrator
7. Click on the `Update` button to validate the configuration
8. (Optional) Click on the `Test-fire` button if you want to test the forwarding of the logs

### Create the intake

Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a new intake from the format Trellix Network Security.

### Configure the Rsyslog server
Please consult the [Rsyslog Transport](../../../ingestion_methods/rsyslog/) documentation to forward these logs to Sekoia.io.
1 change: 1 addition & 0 deletions mkdocs.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -210,6 +210,7 @@ nav:
- Squid: xdr/features/collect/integrations/network/squid.md
- Stormshield SNS: xdr/features/collect/integrations/network/stormshield_network_security.md
- Suricata: xdr/features/collect/integrations/network/suricata.md
- Trellix Network Security: xdr/features/collect/integrations/network/trellix_nx.md
- Varonis Data Security: xdr/features/collect/integrations/network/varonis_data_security.md
- Vectra Cognito Detect: xdr/features/collect/integrations/network/vectra.md
- Wallix: xdr/features/collect/integrations/network/wallix.md
Expand Down