Let Oomnitza be your single source of truth!
You'll get visibility of your assets as data from Trellix is automatically transformed into consumable information and actionable insights.
Connect Oomnitza and Trellix in minutes
You'll get visibility of your Trellix assets by creating configurable workflows to automate tasks such as:
- Managing the life cycle of MVISION ePO API devices, from creating and updating to deleting devices
Before you start
Before you can create the integration with Oomnitza, you need to have added your Trellix credentials to Oomnitza.
We recommend that you also create an extended integration for Trellix assets. You can use the information retrieved in these integrations to trigger workflows.
Creating workflows
Create asset workflows
To create an asset workflow, you must complete these steps:
- Click Configuration > Workflows
- Click Add (+) and select Assets from the list.
- Edit the Begin Block and add rules to trigger the workflow. For example, if you set the Actions to New, the workflow will run for every new asset record added to Oomnitza.
- Drag and drop the API block onto the Sandbox.
- Click Edit on the API block and enter Trellix in the search field.
- Select a preset from the list below. To choose a preset, click the forward arrow (>).
- Select the credentials that you created in Adding your Trellix credentials to Oomnitza.
- Enter any mandatory information when prompted. You can refer to existing Oomnitza fields by entering the field name in curly braces with spaces replaced with an underscore. For example: {{trellix_device_id}}.
- Select Advanced Mode.
- Select the Response tab. You can map the entire response by placing {{response}} in the Response field and mapping it to a custom long text Oomnitza field, such as API Response. Once you have the entire response, you can then parse the JSON response values to custom Oomnitza fields, as per the example below.
- Connect the Blocks.
- Save, validate, and activate your workflow.
Fig: Mapping the Update Device response.
Using the Trellix Create Device preset
The Trellix Create Device preset creates a device.
Did you know?
You can add more information to the message body in the Advanced Mode > Body tab. For further information, see Trellix Docs: POST /epo/v2/devices
Using the Trellix Delete Device preset
The Trellix Delete Device preset deletes a single device, by Device ID.
The device to be deleted is referenced in the Advanced Mode > Information tab in the property {{trellix_device_id}}.
For further information, see Trellix Docs: DELETE /epo/v2/devices/{id}
Warning
If successful, this workflow returns a 204 No Content response code. Do not map a response in Advanced Mode > Response, as the mapping will fail because the response has no content.
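The following Python sketch is an added illustration, not Oomnitza or Trellix code. It shows how a {{field_name}} reference is filled in, how values are pulled out of a mapped JSON response, and why a 204 No Content reply must skip response mapping. The function names, the sample record and the JSON field names are constructed for the example.

```python
import json
import re

# Matches {{field_name}} references such as {{trellix_device_id}}.
PLACEHOLDER = re.compile(r"\{\{\s*(\w+)\s*\}\}")

# Constructed sample data; the JSON field names are hypothetical.
RECORD = {"trellix_device_id": "12345"}
GET_BODY = '{"data": {"id": "12345", "attributes": {"name": "LAPTOP-01"}}}'


def render(template, record):
    """Fill {{field_name}} references from a record; reject unknown fields."""
    def substitute(match):
        key = match.group(1)
        if key not in record:
            raise KeyError(f"no such field: {key}")
        return str(record[key])
    return PLACEHOLDER.sub(substitute, template)


def map_response(status, body, mapping):
    """Copy values at dotted JSON paths into the named custom fields.

    A 204 No Content reply carries no body, so nothing is parsed or mapped;
    passing the empty body to json.loads() would raise JSONDecodeError.
    """
    if status == 204 or not body.strip():
        return {}
    node_root = json.loads(body)
    mapped = {}
    for field, path in mapping.items():
        node = node_root
        for part in path.split("."):
            node = node.get(part) if isinstance(node, dict) else None
        mapped[field] = node
    return mapped


if __name__ == "__main__":
    print(render("/epo/v2/devices/{{trellix_device_id}}", RECORD))
    print(map_response(200, GET_BODY, {"device_name": "data.attributes.name"}))
    print(map_response(204, "", {"device_name": "data.attributes.name"}))
```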
Using the Trellix Get Asset Details preset
The Trellix Get Asset Details preset gets the details of a single device, by Device ID.
The device to be fetched is referenced in the Advanced Mode > Information tab in the property {{trellix_device_id}}.
For further information, see Trellix Docs: GET /epo/v2/devices/{id}
Using the Trellix Update Device preset
The Trellix Update Device preset updates a single device, by Device ID.
The device to be updated is referenced in the Advanced Mode > Information tab in the property {{trellix_device_id}}.
The device information to be updated is referenced in the Advanced Mode > Body tab. You can add more information to the message body by referring to Trellix Docs: PATCH /epo/v2/devices/{id}