
Impelix IMPACT Integration
with Trellix Endpoint Security (HX Series)

The Impelix IMPACT platform ingests telemetry from all your security products as well as third-party feeds (threat intelligence, cybersecurity risk, business resilience intelligence, etc.) and delivers event correlation, security control efficacy, and compliance monitoring.

We believe that the more data ingested into IMPACT, the more context you will have regarding security incidents, which allows effective and efficient incident response and compliance management. Therefore, we encourage and facilitate connecting vendor product telemetry to the Impelix IMPACT platform.

Trellix Endpoint Security (HX Series)

Make Sure the Following Prerequisites are Met

  • Admin or fe_services access
  • To forward CEF logs to Helix, a FireEye Cloud Collector or Comm Broker must be installed. See the Cloud Collector Installation Guide or the Unmanaged Communications Broker Installation Guide for details.
Add IMPACT IP Address as the Destination

Define a Cloud Collector or Comm Broker destination to forward CEF log messages to Helix. Define a remote syslog server destination to integrate Endpoint Security with your SIEM solution.

To add a destination:
  • Enable the CLI configuration mode:
        hostname > enable
        hostname # configure terminal
  • Add the destination:
        hostname # logging <IP address> trap none
        hostname # logging <IP address> trap override class cef priority info

    where <IP address> is the IP address of the Cloud Collector or the remote syslog server destination.

  • Save your settings:
        hostname # write mem
Enable CEF Logging for Delivery to IMPACT

To enable local CEF logging:

  • Enable the CLI configuration mode:
        hostname > enable
        hostname # configure terminal
  • Enable CEF logging:
        hostname # logging local override class cef priority info
    All CEF logging occurs for messages logged at the info system log level. If you set this to any other system log level, CEF logging will not occur.
  • Save your settings:
        hostname # write mem
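As an added example (not code from the Impelix or Trellix documentation), the parser below checks a syslog line received from the appliance the way a collector-side sanity check would: it confirms the syslog PRI carries severity info (6), the level the steps above require for CEF output, and splits the CEF header and extension while honouring CEF's backslash escapes. The sample line, its vendor/product values and its field contents are constructed for illustration, not captured from a real appliance.

```python
import re

SYSLOG_SEVERITY_INFO = 6  # RFC 5424 severity "informational"; HX emits CEF only at this level

# Constructed sample line (not a real HX event): PRI <134> = facility local0 (16) * 8 + severity 6.
# CEF layout: CEF:Version|Vendor|Product|Version|SignatureID|Name|Severity|Extension
SAMPLE_LINE = (
    "<134>Jan  1 12:00:00 hx-appliance CEF:0|FireEye|HX|1.0|ALERT|Sample alert\\|quoted|5|"
    "src=10.0.0.5 dst=10.0.0.9 msg=constructed sample with\\=equals"
)

_HEADER_FIELDS = ("cef_version", "vendor", "product", "version", "signature_id", "name", "severity")


def parse_pri(line):
    """Return (facility, severity) from the syslog <PRI> prefix, or None if it is missing."""
    m = re.match(r"<(\d{1,3})>", line)
    if not m:
        return None
    pri = int(m.group(1))
    return pri // 8, pri % 8


def split_cef_header(cef):
    """Split the 7 CEF header fields on unescaped '|'; returns (fields, remaining extension)."""
    fields, buf, i = [], [], 0
    while i < len(cef) and len(fields) < len(_HEADER_FIELDS):
        ch = cef[i]
        if ch == "\\" and i + 1 < len(cef):     # '\|' and '\\' are escapes inside the header
            buf.append(cef[i + 1]); i += 2; continue
        if ch == "|":
            fields.append("".join(buf)); buf = []; i += 1; continue
        buf.append(ch); i += 1
    return fields, cef[i:]


def parse_extension(ext):
    """Parse 'key=value' pairs; values may contain spaces, '=' is escaped as '\\='."""
    pairs = {}
    for tok in re.split(r"\s+(?=[A-Za-z0-9_.]+=)", ext.strip()):
        key, _, val = tok.partition("=")
        pairs[key] = re.sub(r"\\([=\\])", r"\1", val)
    return pairs


def parse_hx_cef_line(line):
    """Return a dict of header fields, extension pairs and (facility, severity), or None if not CEF."""
    idx = line.find("CEF:")
    if idx < 0:
        return None
    header, ext = split_cef_header(line[idx + 4:])
    if len(header) != len(_HEADER_FIELDS):
        return None
    rec = dict(zip(_HEADER_FIELDS, header))
    rec["extension"], rec["syslog"] = parse_extension(ext), parse_pri(line)
    return rec


def logged_at_info(line):
    """True when the syslog severity is info (6); any other level means CEF logging is misconfigured."""
    pri = parse_pri(line)
    return pri is not None and pri[1] == SYSLOG_SEVERITY_INFO
```

Running it over a capture from the Cloud Collector quickly shows whether the priority setting from the CLI steps took effect and whether field parsing survives escaped pipes and equals signs.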
