The ThreatQuotient for Trellix EX Operation allows you to search for emails alerts in a Trellix EX appliance that contains specific indicators. If any alerts are returned, the data and indicators are parsed and listed in the ThreatQ UI.

The operation provides the following action:

• Search for Alerts - submits data to Trellix EX and returns matching alerts.
• Search for Indicators - searches for Trellix EX alerts containing Malware or URL/Filename indicators. 

The operation is compatible with the following object types:

• Indicators (Email Address, Filename, MD5, URL)
• Malware

Note:  The Trellix EX operation replaces the FireEye EX operation as of version 1.1.0.