The Trellix Helix Action for ThreatQ enables the automatic dissemination of malicious IOCs to a Trellix Helix Intel Matching List.

The following action is included:

• Trellix Helix - IOC Export - Exports IOCs to a Trellix Helix list.

The action is compatible with the following indicator types:

• IP Address
• IPv6 Address
• FQDN
• Email Address
• MD5
• SHA-1

The action returns enriched indicator system objects.

Note:  This action is intended for use with ThreatQ TDR Orchestrator (TQO). An active TQO license is required for this feature.