Skip to main content
Sign in

Adding your Trellix credentials to Oomnitza

  • March 04, 2024 16:32
  • Updated

Best practice
For the integration with Oomnitza, create a dedicated user account.

Client ID and Secret

Trellix uses OAuth authentication and requires your Client ID, Secret and Scope to be added to Oomnitza.

To obtain your Client ID and secret, complete the following steps:

  1. Log in to your Trellix account, or sign up for a free trial
  2. Go to the Appliance and Server Registration page from the menu
  3. Click Add.
  4. Select the MVISION Endpoint Detection and Response Client type
  5. Enter the number of clients (1)
  6. Click Save.
  7. Copy the token value from the table.
  8. Download the mvision_edr_creds_generator.py script from GitHub.
  9. Run the script and pass the token name in the command line, i.e.python C:\Users\OomnitzaUser\...mvision_edr_creds_generator.py --regtoken 1AbcdEF_
  10. Copy your Client ID and secret for use in Oomnitza.

Warning
Client types and scopes are governed by Trellix and will take a few days for review and approval. Trellix may contact you for additional details prior to approving the client type and the scope.

Recommended Links

Trellix API Documentation

McAfee Enterprise GitHub Repository

Scopes

You will also need the following scopes for running the user and asset loads and workflows.

Integration name Scope name
McAfee Trellix User Load bps.tnt.r
McAfee Trellix Asset Load epo.device.r
McAfee Trellix User Workflows bps.tnt.c bps.tnt.r bps.tnt.u
McAfee Trellix Asset Workflows epo.device.w epo.device.r

Adding your credentials

To stream Trellix data into Oomnitza, add the credentials that you obtained to Oomnitza:

  1. In Oomnitza, click Configuration > Security > Credentials.
  2. Click Add new credential (+).
  3. Search for the integration, and then click the forward arrow > to select the integration. 
  4. Enter your client credentials and any other additional information.
  5. Click Authenticate. You are prompted to log in to authorize your request.
  6. Click CREATE.
  1. Add the information details.
  2. Click the AUTHORIZATION tab.
  3. Ensure that OAuth 2.0 is selected as the Authorization type.
  4. Ensure that McAfee Trellix is selected from the SaaS list.
  5. Complete these actions:
    • Enter your client ID.
    • Enter your client secret.
    • Enter a space-separated list of scopes. 
  6. Click Authenticate
  7. Click CREATE

You use the credentials that you added to create and customize your integrations with Oomnitza.

Related articles

Comments

0 comments

Please sign in to leave a comment.