Skip to content

Trellix-plb/Trellix-API

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
applyTag
applyTag
 
 
lib
lib
 
 
pullEvents
pullEvents
 
 
systemProperties
systemProperties
 
 
license
license
 
 
profile
profile
 
 
readme.md
readme.md
 
 

Repository files navigation

Trellix API library and scripts

Python scripts for Trellix API
Contact: philippe.le.bescond(at)trellix.com

Disclaimer

This is not an official Trellix ressource. All scripts have been tested in a limited environment. Please do your own tests before any important operation in your tenant. I decline any reponsability if you have any issue with those scripts.

Description

This script can apply tags in ePO SaaS using a system list in a file. It works only on ePO SaaS, not on ePO on premise. A Trellix API license is also required to access ePO SaaS API, you can run 2500 API queries per day, per API license you own.

Configuration

You may need to install these dependancies:
requests
To resolve these dependancies you can use: pip install package

First you must configure profile file where are stored your tenant details. 3 settings must be provided:

  • id : is API client login
  • secret : is API client password
  • x-api-key : is tenant API key

Both information can be retrieved from Trellix developer portal. API client credential must be generated; this operation can take few days.

Few others settings can be customized:

  • log_level: By default set to WARN, it can be set to INFO for more details, DEBUG for troubleshooting, or ERROR to display only errors
  • log_path: If empty, the log file will be written in working directory. You can force a specific folder here
  • device_page_limit: Is the number of systems gathered by each api request from applyTagOnMany.py script. This value should be increased to reduce the number of queries sent to gather information from all systems in ePO.

Scripts list

Quick start

  1. Download all files (Code > Download ZIP) and extract them keeping file tree
  2. Sign in on Trellix SaaS Portal
  3. Browse https://developer.manage.trellix.com/, go to Self Service menu then API Access Management
  4. The API Key, also known as X-API-KEY should be displayed on top, it will be required further
  5. Below you can generate credentials, it can take a while the first time then you can regenerate credentials instantly. The simplest way is to choose all scopes, but for these scripts, required scopes are: epo.device.r epo.device.w epo.tags.r epo.tags.w epo.evt.r
  6. Once you get your API key and credentials, edit profile file with a text editor and fill it with your information
  7. You should be able to run any script, check each script usage

About

Some scripts for Trellix API

Topics

epo mvision-edr mvision trellix trellix-epo

Resources

Readme

License

Apache-2.0 license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages