SOCFortress Integrations — Trellix Email Security (Cloud)

SOCFortress
Sep 14, 2023 (2 min read)


Intro

SOCFortress integration and visualization tools allow security analysts to visualize and triage Trellix Email Security events from a single pane of glass.

About Trellix Email Security (Cloud)

Trellix Email Security (Cloud) is a Secure Email Gateway (SEG) that helps organizations minimize the risk of breaches by blocking inbound and outbound malware, phishing URLs, impersonation techniques, and spam. It also includes email queue monitoring and advanced debugging options using email trace.

Key features:

  • Threat detection — Helps mitigate the risk of costly breaches by identifying and isolating advanced, targeted, and other evasive attacks camouflaged as normal traffic.
  • Enhanced AVAS protection — Anti-spam and antivirus (AVAS) protection to detect both common attacks that use conventional signature matching as well as impersonation techniques.
  • Ease of Deployment — Native integration with Microsoft 365 and Google Workspace via API allows rapid and seamless integration into an organization's email infrastructure.
  • Executive impersonation protection — Capability to block business email compromises (BEC) to protect important employees from being spoofed.
  • Comprehensive inbound and outbound email security.
  • Automatically extracts emails weaponized post-delivery.
  • Deployed in inline, hygiene (ASAV) or out-of-band modes.
  • Metadata streaming to third party SIEM solutions
  • Carrier-grade reliability with 99.995% availability
  • Supports custom YARA rules to enhance threat detection efficacy
  • Meets the FedRAMP security and SOC2 requirements

Ingesting Trellix Email Security Events

The Trellix Email Security solution can stream alerts using its remote syslog feature. Users can configure rsyslog servers to send alert notifications to remote servers. Users can also add, delete, enable, and disable servers.

Configuration steps (Trellix Cloud Console):

  • Click Add Rsyslog Server (the new server will be enabled by default).
  • Enter a name for the server.
  • Select All Events, Malware Object, or Riskware Object from the notification drop-down.
  • Select a domain(s)/domain group(s).
  • Select Inbound, Outbound, or Select All from the traffic type drop-down.
  • Enter the destination IP address or host name and port in the format IP address:port.
  • Select a format.
  • Select a version from the CEF version drop-down.
  • Select a severity level.
  • Select UDP or TCP from the protocol drop-down.
  • If you selected TCP, enable TLS (optional).
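On the receiving side the forwarded alerts arrive as CEF-formatted syslog lines. The parser below is an added example (not SOCFortress or Trellix code) showing how a collector can turn one such line into a flat record for the SIEM, handling the syslog PRI/header prefix, backslash-escaped pipes in the CEF header and escaped `=` in extension values. The sample event, its vendor/product strings, signature id and extension keys are constructed placeholders, not documented Trellix field names.

```python
import re

# Constructed sample CEF event over syslog; vendor/product strings, signature
# id and extension keys are placeholders, not documented Trellix field names.
SAMPLE = (
    "<134>Sep 14 10:22:31 ets-cloud CEF:0|Trellix|Email Security|1.0|MO|"
    "Malware Object|8|suser=alice@example.com duser=bob@example.com "
    "msg=Invoice 2023\\=09 attached cs1Label=Traffic cs1=Inbound"
)
# Optional <PRI>, optional BSD-syslog timestamp and host, then the CEF body.
_HDR_RE = re.compile(r"^(?:<(\d{1,3})>)?(?:\S+ +\d+ [\d:]+ \S+ )?(CEF:.*)$")
_EXT_KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_]+)=")  # key= after whitespace

def _split_header(cef: str):
    """Split the seven pipe-delimited header fields, honouring escaped pipes."""
    fields, buf, i = [], [], 0
    while i < len(cef) and len(fields) < 7:
        ch = cef[i]
        if ch == "\\" and i + 1 < len(cef):  # '\|' or '\\' inside a field
            buf.append(cef[i + 1]); i += 2; continue
        if ch == "|":
            fields.append("".join(buf)); buf = []; i += 1; continue
        buf.append(ch); i += 1
    return fields, cef[i:]  # the remainder is the extension

def parse_extension(ext: str) -> dict:
    """Parse 'k=v k2=v v' pairs; values may contain spaces and escaped '='."""
    out, keys = {}, list(_EXT_KEY_RE.finditer(ext))
    for n, m in enumerate(keys):
        end = keys[n + 1].start() if n + 1 < len(keys) else len(ext)
        out[m.group(1)] = ext[m.end():end].strip().replace("\\=", "=").replace("\\\\", "\\")
    return out

def parse_event(line: str) -> dict:
    """Turn one syslog/CEF line into a flat dict ready for SIEM indexing."""
    m = _HDR_RE.match(line.strip())
    if not m:
        raise ValueError("not a CEF syslog line")
    pri = int(m.group(1)) if m.group(1) else None
    fields, ext = _split_header(m.group(2))
    if len(fields) != 7:
        raise ValueError("malformed CEF header")
    names = ("cef_version", "vendor", "product", "version", "signature_id", "name", "severity")
    event = dict(zip(names, fields))
    event["cef_version"] = event["cef_version"][4:]  # strip "CEF:" prefix
    event["severity"] = int(event["severity"])
    if pri is not None:  # RFC 3164 PRI = facility * 8 + severity
        event["syslog_facility"], event["syslog_severity"] = divmod(pri, 8)
    event.update(parse_extension(ext))
    return event
```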

Visualizations

Dashboard: Trellix Email Security (screenshot)

Need Help?

The functionality discussed in this post, and so much more, are available via the SOCFortress platform. Let SOCFortress help you and your team keep your infrastructure secure.

Website: https://www.socfortress.co/

Contact Us: https://www.socfortress.co/contact_form.html


SOCFortress

SOCFortress is a SaaS company that unifies Observability, Security Monitoring, Threat Intelligence and Security Orchestration, Automation, and Response (SOAR).