The Trellix ePolicy Orchestrator (ePO) operation allows users to manage system tags in Trellix ePO. The operation provides the following actions:

• Manage Tags Apply - applies tag(s) to systems in ePO.
• Manage Tags Exclude - adds exclude tag(s) to systems in ePO.
• Manage Tags Clear tags - removes tag(s) from systems in ePO.
• Get System Information - prints the complete information about the endpoint from ePO.

The operation is compatible with the Assets custom object type. Prerequisites The following is required in order to install and run the operation:

• Assets object installed on your ThreatQ instance.
• Route between ThreatQ and Trellix ePO.
• Trellix products:
  • ePO with an installed Endpoint Security extension
• Trellix ePO username and password to use with the integration