Skip to main content

Impelix IMPACT Integration
with Trellix Endpoint Security (HX Series)

The Impelix IMPACT platform ingests telemetry from your all your security products as well as third-party feeds (threat intelligence, cybersecurity risk, business resilience intelligence, etc.) and delivers event correlation, security control efficacy, and compliance monitoring.

We believe that the more data ingested into IMPACT, the more context you will have regarding security incidents, which will allow effective and efficient incident response and compliance management. Therefore, we encourage and facilitate connecting vendor products telemetry with Impelix IMPACT platform.

Trellix Endpoint Security (HX Series)

Make Sure the Following Prerequisites are Met

Prerequisites
  • Admin or fe_services access
  • To forward CEF logs to Helix, a FireEye Cloud Collector or Comm Broker must be installed. See the Cloud Collector Installation Guide of the Unmanaged Communications Broker Installation Guide for details.
Add IMPACT IP Address as the Destination

Define a Cloud Collector or Comm Broker destination to forward CEF log messages to Helix. Define a remote syslog server destination to integrate Endpoint Security with your SIEM solution.

To Add a destination:
  • Enable the CLI configuration mode: hostname > enable hostname # configure terminal
  • Add the destination hostname # logging trap none hostname # logging trap override class cef priority info

    where is the IP address of the Cloud Collector or the remote syslog server destination.

  • Save your settings: hostname # write mem
Enable CEF Logging for Delivery to IMPACT

To make local CEF logging:

  • Enable the CLI configuration mode: hostname > enable hostname # configure terminal
  • Enable CEF logging: hostname # logging local override class cef priority info All CEF logging occurs for messages logged at the info system log level. If you set this to any other system log level, CEF logging will not occur.
  • Save your settings: hostname # write mem

The Next Evolution of Security Operations

Avoid alert noise, high cost of data ingestion, and incident response complexity.
Move to our Automated SecOps and Enterprise Risk Management Platform.
✔︎ Respond     ✔︎ Investigate     ✔︎ Prevent     ✔︎ Comply
Schedule a Demo