• Last Updated
    Aug 29, 2025
  • Version
    1.0.0
  • Compatibility
    ThreatQ versions >= 4.35.0
  • Trellix Insights CDF

    ThreatQuotient

    Overview

    The Trellix Insights CDF for ThreatQ enables analysts to automatically ingest campaigns provided by Trellix.

    The integration provides the following feeds:

    • Trellix Insights Campaigns - brings in campaigns & related context from the Trellix Insights App.
    • Trellix Insights Events - ingests assets (hosts/devices) with threat events relating to a campaign within the Trellix Insights App.
    • Trellix Insights IOC Data (Supplemental) - fetches the IOCs related to a given campaign.
    • Trellix Insights Galaxies Data (Supplemental) - fetches the Galaxy data related to a given campaign.
    • Trellix Insights Campaign by ID (Supplemental) - fetches a single campaign by its ID from Trellix via the Insights endpoint.
    • Trellix ePO Device by Agent ID (Supplemental) - fetches a single device by its ID from Trellix ePO SaaS.

    The integration ingests the following system objects:

    • Adversaries
    • Assets
      • Asset Attributes
    • Attack Patterns
    • Campaign
      • Campaign Attributes
    • Indicators
      • Indicator Attributes
    • Malware

    Copyright © 2025, ThreatQuotient, Inc. All Rights Reserved.