FireEye ETP Event Collector

Use this integration to fetch email security incidents from Trellix Email Security - Cloud as Cortex XSIAM events.

Email · Trellix Email Security - Cloud

Configuration parameters

  • url — Server URL (e.g., https://etp.us.fireeye.com or https://us.etp.trellix.com). (required)
  • oauth_credentials — Client ID (OAuth)
  • oauth_scopes — OAuth Scopes (OAuth)
  • credentials
  • alerts_max_fetch — Maximum number of Alerts to fetch.
  • email_trace_max_fetch — Maximum number of Email Trace to fetch.
  • activity_log_max_fetch — Maximum number of Activity Log fetch.
  • insecure — Trust any certificate (not secure)
  • proxy — Use system proxy settings
  • outbound_traffic — Fetch outbound traffic
  • hide_sensitive — Hide sensitive details from email

Commands (1)

  • fireeye-etp-get-events

    Gets events from Trellix Email Security - Cloud. This command is used for developing/ debugging and is to be used with caution, as it can create events, leading to events duplication and API request limitation exceeding.