
Aug 29, 2025
1.1.0
ThreatQ versions >= 4.0.0
Trellix AX Operation
Overview
The Trellix AX Operation lets you submit a File, URL, or FQDN for sandboxing, add and remove YARA rules from your Trellix AX appliance, and query alerts.
You can also query your Trellix AX appliance using indicators from ThreatQ to find any alerts related to those indicators.
The operation provides the following actions:
- Submit - submits a file or URL/FQDN to Trellix AX.
- Get Reports - retrieves all reports for the sample from Trellix AX.
- Add YARA Rule - adds a YARA rule to ThreatQ from Trellix AX.
- Remove YARA Rule - removes YARA rules from ThreatQ.
- Query Alerts - queries alerts in Trellix AX.
The operation can be run on the following object types:
- Files
- Indicators (Email Address, FQDN, IP Address, MD5, URL)
- Signatures (YARA Rule)
Note: The Trellix AX operation replaces the FireEye AX operation as of version 1.1.0.