Trellix website screenshot

Trellix

Trellix is a cybersecurity company that delivers comprehensive, open, and native extended detection and response (XDR) platform. The company provides threat detection, investigation, and response capabilities across endpoints, networks, data, and cloud environments.

14 APIs 0 Features
Cloud SecurityCybersecurityEndpoint SecurityThreat DetectionThreat IntelligenceXDR

APIs

Trellix ePO API

McAfee ePolicy Orchestrator (ePO) REST API for centralized security management, policy enforcement, and reporting across the enterprise.

Trellix ePO SaaS API

The Trellix ePO SaaS API provides cloud-based access to ePolicy Orchestrator management capabilities. It enables programmatic control of devices, events, tags, queries, and resp...

Trellix Insights API

API for accessing threat intelligence, security analytics, and insights from the Trellix threat research platform. Provides investigation of indicators of compromise, campaign t...

Trellix EDR API

Endpoint Detection and Response API for advanced threat hunting, investigation, and automated response capabilities. The EDR API supports querying threat data, searching devices...

Trellix Data Exchange Layer (DXL) API

Messaging fabric API that enables real-time communication between security tools and data sharing across the security ecosystem. OpenDXL provides client libraries in Python, Jav...

Trellix Endpoint Security (HX) API

REST API for the Trellix Endpoint Security (HX) platform, formerly FireEye HX. Provides programmatic access to endpoint information, acquisitions, alerts, indicators, conditions...

Trellix Data Loss Prevention (DLP) API

REST API for Trellix Data Loss Prevention Endpoint that enables programmatic management of DLP policies, retrieval and analysis of data loss incidents, and integration with clou...

Trellix Email Security Cloud API

RESTful API for Trellix Email Security Cloud (formerly FireEye ETP) providing custom integration capabilities for advanced threat detection in email. Supports APIs for querying ...

Trellix Helix API

API for the Trellix Helix security operations platform that integrates security controls from Trellix and over 500 third-party sources to create multi-vector threat detections a...

Trellix Intelligent Sandbox API

REST API for Trellix Intelligent Sandbox (formerly Advanced Threat Defense) that enables automated submission and analysis of files and URLs in a sandboxed environment. Supports...

Trellix Threat Intelligence Exchange (TIE) API

API for Trellix Threat Intelligence Exchange which acts as a reputation broker enabling real-time sharing of threat intelligence from global and local sources across the securit...

Trellix IOC (Indicators of Compromise) API

REST API interface for managing indicators of compromise within the Trellix security platform. Enables uploading, querying, and managing IOCs including file hashes, IP addresses...

Trellix Detection as a Service API

API-driven malware detection service that leverages the Trellix Multi-Vector Virtual Execution (MVX) engine and multiple dynamic machine learning, AI, and correlation engines to...

Trellix API Explorer

Interactive API documentation and testing tool for Trellix security products formerly under the FireEye brand. Provides a web-based interface for exploring and testing API endpo...

Collections

Pricing Plans

Trellix Plans Pricing

1 plans

PLANS

Rate Limits

Trellix Rate Limits

1 limits

RATE LIMITS

FinOps

Semantic Vocabularies

Trellix Context

22 classes · 8 properties

JSON-LD

API Governance Rules

Trellix API Rules

9 rules · 2 errors 6 warnings 1 info

SPECTRAL

JSON Structure

Trellix Structure

0 properties

JSON STRUCTURE

Trellix Threat Structure

0 properties

JSON STRUCTURE

Example Payloads

Trellix List Threats Example

2 fields

EXAMPLE

Resources

🔗
LinkedIn
LinkedIn
🌐
Portal
Portal
🌐
DeveloperPortal
DeveloperPortal
🔗
Documentation
Documentation
🔑
Authentication
Authentication
🚀
GettingStarted
GettingStarted
💬
Support
Support
🔗
Login
Login
📝
Signup
Signup
🔗
Community
Community
🟢
StatusPage
StatusPage
📰
Blog
Blog
📜
PrivacyPolicy
PrivacyPolicy
📜
TermsOfService
TermsOfService
👥
GitHubOrganization
GitHubOrganization
👥
GitHubOrganization
GitHubOrganization
👥
GitHubOrganization
GitHubOrganization
👥
GitHubOrganization
GitHubOrganization
🔗
Website
Website
🔗
Knowledge Base
Knowledge Base
🔗
PostmanCollection
PostmanCollection
📄
ReleaseNotes
ReleaseNotes
🔗
OpenAPI
OpenAPI
🔗
OpenAPI
OpenAPI
🔗
JSONSchema
JSONSchema
🔗
JSONSchema
JSONSchema
🔗
JSONStructure
JSONStructure
🔗
JSONLD
JSONLD
🔗
SpectralRules
SpectralRules
🔗
Vocabulary
Vocabulary

Sources

Raw ↑
opencollection: 1.0.0
info:
  name: Trellix ePO SaaS API
  version: '2.0'
request:
  auth:
    type: bearer
    token: '{{bearerToken}}'
items:
- info:
    name: Devices
    type: folder
  items:
  - info:
      name: List managed devices
      type: http
    http:
      method: GET
      url: https://api.manage.trellix.com/epo/v2/devices
      params:
      - name: limit
        value: ''
        type: query
        description: Maximum number of items to return per page
      - name: offset
        value: ''
        type: query
        description: Number of items to skip for pagination
      - name: filter
        value: ''
        type: query
        description: Filter expression to narrow device results by attributes such as name, operating system, or agent status.
      - name: sort
        value: ''
        type: query
        description: Sort order for results, specified as a field name with optional direction prefix (+ for ascending, -
          for descending).
    docs: Retrieve a paginated list of all endpoint devices registered and managed through ePO SaaS. Returns device attributes
      including name, agent GUID, tags, operating system, and last communication timestamp.
  - info:
      name: Get device details
      type: http
    http:
      method: GET
      url: https://api.manage.trellix.com/epo/v2/devices/:deviceId
      params:
      - name: deviceId
        value: ''
        type: path
        description: Unique identifier of the managed device
    docs: Retrieve detailed information about a specific managed device by its unique identifier. Returns comprehensive device
      attributes including hardware details, installed products, and agent status.
- info:
    name: Events
    type: folder
  items:
  - info:
      name: List threat events
      type: http
    http:
      method: GET
      url: https://api.manage.trellix.com/epo/v2/events
      params:
      - name: limit
        value: ''
        type: query
        description: Maximum number of items to return per page
      - name: offset
        value: ''
        type: query
        description: Number of items to skip for pagination
      - name: since
        value: ''
        type: query
        description: Return events that occurred after this ISO 8601 timestamp. Maximum lookback is 3 days due to data retention
          limits.
      - name: filter
        value: ''
        type: query
        description: Filter expression to narrow events by attributes such as severity, analyzer name, or agent GUID.
    docs: Retrieve threat events detected across managed endpoints. Events include malware detections, policy violations,
      and other security incidents. The data retention period for events is 3 days.
- info:
    name: Default
    type: folder
  items:
  - info:
      name: List tags
      type: http
    http:
      method: GET
      url: https://api.manage.trellix.com/epo/v2/tags
      params:
      - name: limit
        value: ''
        type: query
        description: Maximum number of items to return per page
      - name: offset
        value: ''
        type: query
        description: Number of items to skip for pagination
    docs: Retrieve all tags configured in ePO SaaS. Tags are used to organize and group managed devices for policy assignment
      and reporting purposes.
  - info:
      name: Create a tag
      type: http
    http:
      method: POST
      url: https://api.manage.trellix.com/epo/v2/tags
      body:
        type: json
        data: '{}'
    docs: Create a new tag in ePO SaaS for organizing managed devices. Tags can be applied to devices manually or through
      automated criteria-based assignment rules.
  - info:
      name: Get tag details
      type: http
    http:
      method: GET
      url: https://api.manage.trellix.com/epo/v2/tags/:tagId
      params:
      - name: tagId
        value: ''
        type: path
        description: Unique identifier of the tag
    docs: Retrieve details of a specific tag including its name, description, and the criteria used for automatic device assignment.
  - info:
      name: Delete a tag
      type: http
    http:
      method: DELETE
      url: https://api.manage.trellix.com/epo/v2/tags/:tagId
      params:
      - name: tagId
        value: ''
        type: path
        description: Unique identifier of the tag
    docs: Delete a tag from ePO SaaS. Removing a tag also removes the tag assignment from all associated devices.
- info:
    name: Groups
    type: folder
  items:
  - info:
      name: List device groups
      type: http
    http:
      method: GET
      url: https://api.manage.trellix.com/epo/v2/groups
      params:
      - name: limit
        value: ''
        type: query
        description: Maximum number of items to return per page
      - name: offset
        value: ''
        type: query
        description: Number of items to skip for pagination
    docs: Retrieve the organizational hierarchy of device groups configured in ePO SaaS. Groups define the structure for policy
      inheritance and reporting scope.
- info:
    name: Queries
    type: folder
  items:
  - info:
      name: List saved queries
      type: http
    http:
      method: GET
      url: https://api.manage.trellix.com/epo/v2/queries
      params:
      - name: limit
        value: ''
        type: query
        description: Maximum number of items to return per page
      - name: offset
        value: ''
        type: query
        description: Number of items to skip for pagination
    docs: Retrieve a list of saved queries available in ePO SaaS. Queries can be executed against the data store for reporting
      and analysis of managed endpoints and security events.
  - info:
      name: Execute a saved query
      type: http
    http:
      method: POST
      url: https://api.manage.trellix.com/epo/v2/queries/:queryId/run
      params:
      - name: queryId
        value: ''
        type: path
        description: Unique identifier of the saved query
    docs: Execute a saved query and return its results. Queries run against the ePO SaaS data store and can return device,
      event, or policy compliance information.
- info:
    name: Response Actions
    type: folder
  items:
  - info:
      name: Create a response action
      type: http
    http:
      method: POST
      url: https://api.manage.trellix.com/epo/v2/response-actions
      body:
        type: json
        data: '{}'
    docs: Trigger an automated response action on one or more managed endpoints. Response actions include policy enforcement,
      scan initiation, agent wake-up, and remediation tasks.
bundled: true