From 7cf0be5c0d7263af1a71b8b976b3c75f4454f819 Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Thu, 11 Sep 2025 23:08:51 +0530 Subject: [PATCH 1/6] Trellix mVision ePO (apps) --- blog-service/2025-09-15-apps.md | 12 ++ cid-redirects.json | 1 + .../product-list/product-list-m-z.md | 2 +- docs/integrations/saas-cloud/index.md | 6 + .../saas-cloud/trellix-mvision-epo.md | 175 ++++++++++++++++++ sidebars.ts | 1 + 6 files changed, 196 insertions(+), 1 deletion(-) create mode 100644 blog-service/2025-09-15-apps.md create mode 100644 docs/integrations/saas-cloud/trellix-mvision-epo.md diff --git a/blog-service/2025-09-15-apps.md b/blog-service/2025-09-15-apps.md new file mode 100644 index 0000000000..f40309f4d4 --- /dev/null +++ b/blog-service/2025-09-15-apps.md @@ -0,0 +1,12 @@ +--- +title: Trellix mVision ePO (Apps) +image: https://help.sumologic.com/img/reuse/rss-image.jpg +keywords: + - apps + - trellix-mvision-epo +hide_table_of_contents: true +--- + +import useBaseUrl from '@docusaurus/useBaseUrl'; + +We're excited to introduce the new Trellix mVision ePO app for Sumo Logic. This app offers a centralized view of malicious activity, risky endpoints, and unusual network behavior by collecting events logs from the Trellix mVision ePO platform and send them to Sumo Logic for analysis. [Learn more](/docs/integrations/saas-cloud/trellix-mvision-epo). \ No newline at end of file diff --git a/cid-redirects.json b/cid-redirects.json index de2c7f53b9..905e882dc0 100644 --- a/cid-redirects.json +++ b/cid-redirects.json 
@@ -2923,6 +2923,7 @@ "/cid/1105": "/docs/integrations/cloud-security-monitoring-analytics/aws-security-hub-ocsf", "/cid/1106": "/docs/integrations/sumo-apps/opentelemetry-collector-insights", "/cid/1107": "/docs/integrations/saas-cloud/aws-iam-users", + "/cid/1108": "/docs/integrations/saas-cloud/trellix-mvision-epo", "/Cloud_SIEM_Enterprise": "/docs/cse", "/Cloud_SIEM_Enterprise/Administration": "/docs/cse/administration", "/Cloud_SIEM_Enterprise/Administration/Cloud_SIEM_Enterprise_Feature_Update_(2022)": "/docs/cse/administration", diff --git a/docs/integrations/product-list/product-list-m-z.md b/docs/integrations/product-list/product-list-m-z.md index 05f1180a88..b9e09c70a7 100644 --- a/docs/integrations/product-list/product-list-m-z.md +++ b/docs/integrations/product-list/product-list-m-z.md @@ -186,7 +186,7 @@ For descriptions of the different types of integrations Sumo Logic offers, see [ | Thumbnail icon | [Threater](https://www.threater.com/) | Cloud SIEM integration: [Bandura](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/vendors/ec354a4c-a761-4e18-8ceb-194d6e8692e2.md) | | Thumbnail icon | [ThreatMiner](https://www.threatminer.org/) | Automation integration: [ThreatMiner](/docs/platform-services/automation-service/app-central/integrations/threatminer/) | | Thumbnail icon | [ThreatQ](https://www.threatq.com/) | Automation integration: [ThreatQ](/docs/platform-services/automation-service/app-central/integrations/threatq/) | -| Thumbnail icon | [Trellix](https://www.trellix.com/en-us/index.html) | Automation integrations:
- [FireEye AX](/docs/platform-services/automation-service/app-central/integrations/fireeye-ax/)
- [FireEye Central Management (CM)](/docs/platform-services/automation-service/app-central/integrations/fireeye-central-management-cm/)
- [FireEye Email Security (EX)](/docs/platform-services/automation-service/app-central/integrations/fireeye-email-security-ex/)
- [FireEye Endpoint Security (HX)](/docs/platform-services/automation-service/app-central/integrations/fireeye-endpoint-security-hx/)
- [FireEye Helix](/docs/platform-services/automation-service/app-central/integrations/fireeye-helix/)
- [FireEye Network Security (NX)](/docs/platform-services/automation-service/app-central/integrations/fireeye-network-security-nx/)
Cloud SIEM integrations:
- [FireEye](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/vendors/1430ab5c-7b8b-44e9-a8ec-83076fa374eb.md)
- [Trellix](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/vendors/9bec8407-4182-46ec-99dd-2adfade15652.md)
Collector: [Trellix mVision ePO Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trellix-mvisio-epo-source/) | +| Thumbnail icon | [Trellix](https://www.trellix.com/en-us/index.html) | App: [Trellix mVision ePO](/docs/integrations/saas-cloud/trellix-mvision-epo)
Automation integrations:
- [FireEye AX](/docs/platform-services/automation-service/app-central/integrations/fireeye-ax/)
- [FireEye Central Management (CM)](/docs/platform-services/automation-service/app-central/integrations/fireeye-central-management-cm/)
- [FireEye Email Security (EX)](/docs/platform-services/automation-service/app-central/integrations/fireeye-email-security-ex/)
- [FireEye Endpoint Security (HX)](/docs/platform-services/automation-service/app-central/integrations/fireeye-endpoint-security-hx/)
- [FireEye Helix](/docs/platform-services/automation-service/app-central/integrations/fireeye-helix/)
- [FireEye Network Security (NX)](/docs/platform-services/automation-service/app-central/integrations/fireeye-network-security-nx/)
Cloud SIEM integrations:
- [FireEye](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/vendors/1430ab5c-7b8b-44e9-a8ec-83076fa374eb.md)
- [Trellix](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/vendors/9bec8407-4182-46ec-99dd-2adfade15652.md)
Collector: [Trellix mVision ePO Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trellix-mvisio-epo-source/) | | Thumbnail icon | [Trend Micro](https://www.trendmicro.com/en_us/business.html) | Apps:
- [Trend Micro Deep Security](/docs/integrations/security-threat-detection/trend-micro-deep-security/)
- [Trend Micro Vision One](/docs/integrations/saas-cloud/trend-micro-vision-one/)
Automation integrations:
- [Trend Micro Deep Security](/docs/platform-services/automation-service/app-central/integrations/trend-micro-deep-security/)
- [Trend Micro Vision One](/docs/platform-services/automation-service/app-central/integrations/trend-micro-vision-one/)
Cloud SIEM integration: [Trend Micro](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/vendors/8af48b83-18bf-4233-ad51-db37baca0313.md)
Collector: [Trend Micro Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trend-micro-source)| | Thumbnail icon | [Tricentis](https://www.tricentis.com/) | Webhook: [NeoLoad](/docs/integrations/webhooks/neoload/) | | Thumbnail icon | [Trust Login](https://trustlogin.com/en/) | App: [Trust Login](/docs/integrations/saas-cloud/trust-login)
Cloud SIEM integration: [Trust Login](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/vendors/78eae2f3-199e-48ca-aaf6-53f6a19e854a.md)
Collector: [Trust Login Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trust-login-source) | diff --git a/docs/integrations/saas-cloud/index.md b/docs/integrations/saas-cloud/index.md index 50e449933e..779866ccc4 100644 --- a/docs/integrations/saas-cloud/index.md +++ b/docs/integrations/saas-cloud/index.md @@ -411,6 +411,12 @@ Learn about the Sumo Logic apps for SaaS and Cloud applications.

Gain comprehensive visibility and actionable insights into your organization's security posture.

+
+
+ icon

Trellix mVision ePO

+

Detect, analyze, and respond faster to threats with Trellix mVision ePO for Sumo Logic.

+
+
icon

Trend Micro Vision One

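Review bot: the new card's link target and image path are not visible in this rendering (the `+` lines carry only "icon", the title and the blurb), so the href cannot be checked against the rest of the series; confirm it points at `/docs/integrations/saas-cloud/trellix-mvision-epo`, the same path used by the `/cid/1108` redirect, the product-list row and the sidebars entry, since a mismatch here would be the one place the app page is unreachable from the SaaS and Cloud index.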
diff --git a/docs/integrations/saas-cloud/trellix-mvision-epo.md b/docs/integrations/saas-cloud/trellix-mvision-epo.md new file mode 100644 index 0000000000..289a20e720 --- /dev/null +++ b/docs/integrations/saas-cloud/trellix-mvision-epo.md 
@@ -0,0 +1,175 @@ +--- +id: trellix-mvision-epo +title: Trellix mVision ePO +sidebar_label: Trellix mVision ePO +description: The Trellix mVision ePO app for Sumo Logic enables security analysts to detect, analyze, and respond to threats to reduce false negatives, accelerate investigations, and strengthen endpoint protection. +--- + +import useBaseUrl from '@docusaurus/useBaseUrl'; + +Trust-Login-icon + +The Trellix mVision ePO app provides centralized visibility into endpoint threats, enabling security teams to detect, analyze, and respond to risks across their environment. It aggregates data on detections, remediation failures, severity, and suspicious behaviors to highlight high-priority incidents and defense gaps. + +By analyzing threat categories, attack types, geolocation, and detection methods, the app reveals patterns of malicious activity, risky endpoints, and unusual network behavior. Features such as C2 callback detection, embargoed region activity, file quarantines, and user-targeted attacks offer actionable insights into threat propagation and impacted assets. + +With comprehensive summaries, trend analysis, geographical mapping, and device-level detail, the app helps organizations prioritize threats, reduce false negatives, accelerate investigations, and strengthen endpoint protection. + +:::info +This app includes [built-in monitors](#trellix-mvision-epo-alerts). For details on creating custom monitors, refer to the [Create monitors for Trellix mVision ePO app](#create-monitors-for-the-trellix-mvision-epo-app). +::: + +## Log types + +This app uses Sumo Logic’s [Trellix mVision ePO Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trellix-mvisio-epo-source/) to collect events logs from the Trellix mVision ePO platform. + +## Sample log message + +
+Event Log + +```json +{ + "id": "b311da30-82ef-40ae-a1c7-74h6s4", + "type": "MVEvents", + "links": { + "self": "/epo/v2/events/b311da30-82ef-40ae-a1c7-74h6s4" + }, + "attributes": { + "timestamp": "2023-06-09T16:40:49.510Z", + "autoguid": "b04478e5-424c-44b0-ba78-f5e27dff4b3c", + "detectedutc": "1686285700000", + "receivedutc": "1686328849509", + "agentguid": "a8c0a97d-f57c-43fc-b611-92499cb40846", + "analyzer": "ENDP_AM_1070", + "analyzername": "Trellix Endpoint Security", + "analyzerversion": "10.7.0.5786", + "analyzerhostname": "DESKTOP", + "analyzeripv4": "172.20.10.2", + "analyzeripv6": "/0:0:0:0:0:ffff:ac14:a02", + "analyzermac": "a87eeabc2b1d", + "analyzerdatversion": "5186.0", + "analyzerengineversion": "6600.9927", + "analyzerdetectionmethod": "On-Access Scan", + "sourcehostname": null, + "sourceipv4": "172.20.10.2", + "sourceipv6": "/0:0:0:0:0:ffff:ac14:a02", + "sourcemac": null, + "sourceusername": null, + "sourceprocessname": "C:\\Windows\\explorer.exe", + "sourceurl": null, + "targethostname": null, + "targetipv4": "172.20.10.2", + "targetipv6": "/0:0:0:0:0:ffff:ac14:a02", + "targetmac": null, + "targetusername": "DESKTOP\\Sumo", + "targetport": null, + "targetprotocol": null, + "targetprocessname": null, + "targetfilename": "C:\\Users\\Sumo\\AppData\\Local\\Temp\\Temp1_7ev3n.zip\\Endermanch@7ev3n.exe", + "threatcategory": "av.detect", + "threateventid": 1027, + "threatseverity": "2", + "threatname": "Ransomware-HIZ!9F8BC96C96D4", + "threattype": "trojan", + "threatactiontaken": "IDS_ALERT_ACT_TAK_DEL", + "threathandled": true, + "nodepath": "1\\1048078\\1116857", + "targethash": "9f8bc96c96d43ecb69f883388d228754", + "sourceprocesshash": null, + "sourceprocesssigned": null, + "sourceprocesssigner": null, + "sourcefilepath": null + } + } +``` +
+ +## Sample queries + +```sql title="Total Threat Detections" +_sourceCategory="Trellix-mVision-ePO" +| json "id", "attributes.threathandled", "attributes.threatseverity", "attributes.threattype", "attributes.threatcategory", "attributes.analyzerdetectionmethod", "attributes.targethostname", "attributes.threatname", "attributes.analyzeripv4", "attributes.timestamp", "attributes.sourcehostname", "attributes.sourceusername", "attributes.sourceprocessname", "attributes.targetprocessname", "attributes.threatactiontaken", "attributes.targetfilename", "attributes.targethash", "attributes.sourceipv4", "attributes.targetipv4", "attributes.targetport", "attributes.targetprotocol", "attributes.sourceurl", "attributes.targetusername", "attributes.targetipv6" as id, threat_handled, threat_severity, threat_type, threat_category, analyzer_detection_method, target_hostname, threat_name, analyzer_ipv4, timestamp, source_hostname, source_username, source_processname, target_processname, threat_action_taken, target_filename, target_hash, source_ipv4, target_ipv4, target_port, target_protocol, source_url, target_username, target_ipv6 nodrop + +| if ((threat_severity matches "1"), "Low", threat_severity) as threat_severity +| if ((threat_severity matches "2" or threat_severity matches "3"), "Medium", threat_severity) as threat_severity +| if ((threat_severity matches "4"), "High", threat_severity) as threat_severity + +| where threat_severity matches "{{threat_severity}}" +| where threat_name matches "{{threat_name}}" +| where threat_category matches "{{threat_category}}" +| where threat_type matches "{{threat_type}}" + +| count by id +| count +``` + +## Collection configuration and app installation + +import CollectionConfiguration from '../../reuse/apps/collection-configuration.md'; + + + +:::important +Use the [Cloud-to-Cloud Integration for Trellix mVision ePO](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trellix-mvisio-epo-source/) to create the source 
and use the same source category while installing the app. By following these steps, you can ensure that your Trellix mVision ePO app is properly integrated and configured to collect and analyze your Trellix mVision ePO data. +::: + +### Create a new collector and install the app + +import AppCollectionOPtion1 from '../../reuse/apps/app-collection-option-1.md'; + + + +### Use an existing collector and install the app + +import AppCollectionOPtion2 from '../../reuse/apps/app-collection-option-2.md'; + + + +### Use an existing source and install the app + +import AppCollectionOPtion3 from '../../reuse/apps/app-collection-option-3.md'; + + + +## Viewing the Trellix mVision ePO dashboards​​ + +import ViewDashboards from '../../reuse/apps/view-dashboards.md'; + + + +### Security + +The **Trellix mVision ePO - Security** dashboard offers a unified view of endpoint threat activity and overall security posture. It tracks total detections, failed remediations, severity levels, and detection trends, helping teams quickly assess threat impact and scale. + +The dashboard provides real-time insights into suspicious processes, malicious file quarantines, C2 callbacks, user-targeted attacks, and unusual network port usage. It highlights threat activity by type, category, detection method, and affected endpoints, with geographical visualizations, including threats from embargoed regions, for added context. + +By consolidating this information, the dashboard enables faster threat detection, analysis, and response, reducing dwell time and enhancing endpoint defenses.
Trellix-mVision-ePO–Security-Dashboard + +## Create monitors for the Trellix mVision ePO app + +import CreateMonitors from '../../reuse/apps/create-monitors.md'; + + + +### Trellix mVision ePO alerts + +| Name | Description | Trigger Type (Critical / Warning / MissingData) | Alert Condition | +|:--|:--|:--|:--| +| `Trellix mVision ePO - High-Severity Malware Detected` | This alert is triggered when malware with critical severity is detected. It helps prioritize threats that require immediate attention and investigation. | Critical | Count > 0 | +| `Trellix mVision ePO – High-Severity Threat Not Remediated` | This alert is triggered when high-severity threats are detected but not successfully remediated. This alert helps you to identify persistent threats or failed containment efforts. | Critical | Count > 0| +| `Trellix mVision ePO – Unusual Network Port Used in Malicious Activity` | This alert is triggered when high-severity threat events use unusual network ports outside standard ranges (80, 22, 443, 53, 3389). This alert helps you to detect potential covert communication channels. | Critical | Count > 0| +| `Trellix mVision ePO - Repeated Infections on Same Host` | This alert is triggered when more than three threat events occur on the same endpoint within one hour. This alert helps you to detect repeated compromise or reinfection of a host. | Critical | Count > 0| +| `Trellix mVision ePO - Multiple Hosts Affected by Same Threat` | This alert is triggered when the same threat indicator appears across more than five unique hosts within 30 minutes. This alert helps you to detect a widespread or rapidly propagating attack. | Critical | Count > 0| + +## Upgrading/Downgrading the Trellix mVision ePO app (Optional) + +import AppUpdate from '../../reuse/apps/app-update.md'; + + + +## Uninstalling the Trellix mVision ePO app (Optional) + +import AppUninstall from '../../reuse/apps/app-uninstall.md'; + + 
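Review bot: the image alt text `Trust-Login-icon` directly under the `useBaseUrl` import is a leftover from the Trust Login app page; rename it for Trellix and confirm the image path (not visible here) is a Trellix asset rather than the Trust Login icon. The collector link slug `trellix-mvisio-epo-source` appears twice in this file (Log types and the `:::important` block) and in the product-list row; it reads like a typo for "mvision", but since the pre-existing product-list line already used it, check whether that is the real doc path before changing it, otherwise all three links 404. In the "Total Threat Detections" query the `if` chain maps `threatseverity` "1" to Low, "2"/"3" to Medium and "4" to High and passes any other value through unmapped, while the alerts table below speaks of "critical severity" and "high-severity" threats with no Critical bucket; document the ePO severity scale the mapping assumes so the `{{threat_severity}}` filter and the alert wording agree.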
diff --git a/sidebars.ts b/sidebars.ts index 881b2b0e32..169611aaeb 100644 --- a/sidebars.ts +++ b/sidebars.ts @@ -2606,6 +2606,7 @@ integrations: [ 'integrations/saas-cloud/symantec-web-security-service', 'integrations/saas-cloud/sysdig-secure', 'integrations/saas-cloud/tenable', + 'integrations/saas-cloud/trellix-mvision-epo', 'integrations/saas-cloud/trend-micro-vision-one', 'integrations/saas-cloud/trust-login', 'integrations/saas-cloud/vectra', From 17adf5fd2140a4430d9fd65981445dc04ac7aa41 Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Thu, 11 Sep 2025 23:41:04 +0530 Subject: [PATCH 2/6] Update trellix-mvision-epo.md --- docs/integrations/saas-cloud/trellix-mvision-epo.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/integrations/saas-cloud/trellix-mvision-epo.md b/docs/integrations/saas-cloud/trellix-mvision-epo.md index 289a20e720..659a6b3d42 100644 --- a/docs/integrations/saas-cloud/trellix-mvision-epo.md +++ b/docs/integrations/saas-cloud/trellix-mvision-epo.md 
@@ -158,7 +158,7 @@ import CreateMonitors from '../../reuse/apps/create-monitors.md'; |:--|:--|:--|:--| | `Trellix mVision ePO - High-Severity Malware Detected` | This alert is triggered when malware with critical severity is detected. It helps prioritize threats that require immediate attention and investigation. | Critical | Count > 0 | | `Trellix mVision ePO – High-Severity Threat Not Remediated` | This alert is triggered when high-severity threats are detected but not successfully remediated. This alert helps you to identify persistent threats or failed containment efforts. | Critical | Count > 0| -| `Trellix mVision ePO – Unusual Network Port Used in Malicious Activity` | This alert is triggered when high-severity threat events use unusual network ports outside standard ranges (80, 22, 443, 53, 3389). This alert helps you to detect potential covert communication channels. | Critical | Count > 0| +| `Trellix mVision ePO – Unusual Network Port Used in Malicious Activity` | This alert is triggered when high-severity threat events use unusual network ports outside standard ranges (80, 22, 443, 53, 3389). This alert helps you detect potential covert communication channels. | Critical | Count > 0| | `Trellix mVision ePO - Repeated Infections on Same Host` | This alert is triggered when more than three threat events occur on the same endpoint within one hour. This alert helps you to detect repeated compromise or reinfection of a host. | Critical | Count > 0| | `Trellix mVision ePO - Multiple Hosts Affected by Same Threat` | This alert is triggered when the same threat indicator appears across more than five unique hosts within 30 minutes. This alert helps you to detect a widespread or rapidly propagating attack. | Critical | Count > 0| From e3ad382b937bf983dfa05444210b61a5ddcc83c4 Mon Sep 17 00:00:00 2001 
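Review bot: the "helps you to detect" to "helps you detect" change is applied to the Unusual Network Port row only; the High-Severity Threat Not Remediated, Repeated Infections on Same Host and Multiple Hosts Affected by Same Threat rows in the same table keep "helps you to identify" / "helps you to detect", so apply the same wording to all four rows in one pass. While editing the table, the first row ends its last cell with `Count > 0 |` and the others with `Count > 0|`; make the spacing consistent.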
From: Amee Lepcha Date: Thu, 11 Sep 2025 23:44:15 +0530 Subject: [PATCH 3/6] Update trellix-mvision-epo.md --- docs/integrations/saas-cloud/trellix-mvision-epo.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/integrations/saas-cloud/trellix-mvision-epo.md b/docs/integrations/saas-cloud/trellix-mvision-epo.md index 659a6b3d42..aef02284d3 100644 --- a/docs/integrations/saas-cloud/trellix-mvision-epo.md +++ b/docs/integrations/saas-cloud/trellix-mvision-epo.md 
@@ -158,7 +158,7 @@ import CreateMonitors from '../../reuse/apps/create-monitors.md'; |:--|:--|:--|:--| | `Trellix mVision ePO - High-Severity Malware Detected` | This alert is triggered when malware with critical severity is detected. It helps prioritize threats that require immediate attention and investigation. | Critical | Count > 0 | | `Trellix mVision ePO – High-Severity Threat Not Remediated` | This alert is triggered when high-severity threats are detected but not successfully remediated. This alert helps you to identify persistent threats or failed containment efforts. | Critical | Count > 0| -| `Trellix mVision ePO – Unusual Network Port Used in Malicious Activity` | This alert is triggered when high-severity threat events use unusual network ports outside standard ranges (80, 22, 443, 53, 3389). This alert helps you detect potential covert communication channels. | Critical | Count > 0| +| `Trellix mVision ePO – Unusual Network Port Used in Malicious Activity` | This alert is triggered when high-severity threat events use unusual network ports outside standard ranges (80, 22, 443, 53, 3389). This alert helps you detect potential secret communication channels. | Critical | Count > 0| | `Trellix mVision ePO - Repeated Infections on Same Host` | This alert is triggered when more than three threat events occur on the same endpoint within one hour. This alert helps you to detect repeated compromise or reinfection of a host. | Critical | Count > 0| | `Trellix mVision ePO - Multiple Hosts Affected by Same Threat` | This alert is triggered when the same threat indicator appears across more than five unique hosts within 30 minutes. This alert helps you to detect a widespread or rapidly propagating attack. | Critical | Count > 0| From 955ccc31936ccb1325533ba9af217860cb2af8e9 Mon Sep 17 00:00:00 2001 
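Review bot: replacing "covert communication channels" with "secret communication channels" loses the established term; "covert channel" is the standard name for command-and-control traffic hidden on unexpected ports, and is what an analyst reading this alert will search for, so keep "covert" (or "hidden command-and-control channels" if the concern was readability). In the same row, "standard ranges (80, 22, 443, 53, 3389)" lists individual ports, not ranges; suggest "outside the expected ports (22, 53, 80, 443, 3389)" and noting that the list is the alert's baseline, since 22 and 3389 are themselves common lateral-movement ports that teams may want to remove from the allow-list.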
From: Amee Lepcha Date: Fri, 12 Sep 2025 00:13:52 +0530 Subject: [PATCH 4/6] Update blog-service/2025-09-15-apps.md Co-authored-by: John Pipkin (Sumo Logic) --- blog-service/2025-09-15-apps.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/blog-service/2025-09-15-apps.md b/blog-service/2025-09-15-apps.md index f40309f4d4..7338dfdfd7 100644 --- a/blog-service/2025-09-15-apps.md +++ b/blog-service/2025-09-15-apps.md @@ -9,4 +9,4 @@ hide_table_of_contents: true import useBaseUrl from '@docusaurus/useBaseUrl'; -We're excited to introduce the new Trellix mVision ePO app for Sumo Logic. This app offers a centralized view of malicious activity, risky endpoints, and unusual network behavior by collecting events logs from the Trellix mVision ePO platform and send them to Sumo Logic for analysis. [Learn more](/docs/integrations/saas-cloud/trellix-mvision-epo). \ No newline at end of file +We're excited to introduce the new Trellix mVision ePO app for Sumo Logic. This app offers a centralized view of malicious activity, risky endpoints, and unusual network behavior by collecting events logs from the Trellix mVision ePO platform and sending them to Sumo Logic for analysis. [Learn more](/docs/integrations/saas-cloud/trellix-mvision-epo). \ No newline at end of file From 16bdf41cbe14b43ce57a484811108ea4bf51677e Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Fri, 12 Sep 2025 00:14:01 +0530 Subject: [PATCH 5/6] Update docs/integrations/saas-cloud/trellix-mvision-epo.md Co-authored-by: John Pipkin (Sumo Logic) --- docs/integrations/saas-cloud/trellix-mvision-epo.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/integrations/saas-cloud/trellix-mvision-epo.md b/docs/integrations/saas-cloud/trellix-mvision-epo.md index aef02284d3..eea89a65f3 100644 --- a/docs/integrations/saas-cloud/trellix-mvision-epo.md +++ b/docs/integrations/saas-cloud/trellix-mvision-epo.md 
@@ -16,7 +16,7 @@ By analyzing threat categories, attack types, geolocation, and detection methods With comprehensive summaries, trend analysis, geographical mapping, and device-level detail, the app helps organizations prioritize threats, reduce false negatives, accelerate investigations, and strengthen endpoint protection. :::info -This app includes [built-in monitors](#trellix-mvision-epo-alerts). For details on creating custom monitors, refer to the [Create monitors for Trellix mVision ePO app](#create-monitors-for-the-trellix-mvision-epo-app). +This app includes [built-in monitors](#trellix-mvision-epo-alerts). For details on creating custom monitors, refer to [Create monitors for Trellix mVision ePO app](#create-monitors-for-the-trellix-mvision-epo-app). ::: ## Log types From 5644b6221e50799cc069f57984f3d83a8b13c168 Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Fri, 12 Sep 2025 10:08:48 +0530 Subject: [PATCH 6/6] Update trellix-mvision-epo.md --- docs/integrations/saas-cloud/trellix-mvision-epo.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/integrations/saas-cloud/trellix-mvision-epo.md b/docs/integrations/saas-cloud/trellix-mvision-epo.md index eea89a65f3..ababb6d5ef 100644 --- a/docs/integrations/saas-cloud/trellix-mvision-epo.md +++ b/docs/integrations/saas-cloud/trellix-mvision-epo.md 
@@ -9,7 +9,7 @@ import useBaseUrl from '@docusaurus/useBaseUrl'; Trust-Login-icon -The Trellix mVision ePO app provides centralized visibility into endpoint threats, enabling security teams to detect, analyze, and respond to risks across their environment. It aggregates data on detections, remediation failures, severity, and suspicious behaviors to highlight high-priority incidents and defense gaps. +The Sumo Logic app for Trellix mVision ePO provides centralized visibility into endpoint threats, enabling security teams to detect, analyze, and respond to risks across their environment. It aggregates data on detections, remediation failures, severity, and suspicious behaviors to highlight high-priority incidents and defense gaps. By analyzing threat categories, attack types, geolocation, and detection methods, the app reveals patterns of malicious activity, risky endpoints, and unusual network behavior. Features such as C2 callback detection, embargoed region activity, file quarantines, and user-targeted attacks offer actionable insights into threat propagation and impacted assets. @@ -21,7 +21,7 @@ This app includes [built-in monitors](#trellix-mvision-epo-alerts). For details ## Log types -This app uses Sumo Logic’s [Trellix mVision ePO Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trellix-mvisio-epo-source/) to collect events logs from the Trellix mVision ePO platform. +This app uses Sumo Logic’s [Trellix mVision ePO Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trellix-mvisio-epo-source/) to collect event logs from the Trellix mVision ePO platform. ## Sample log message
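Review bot: the "events logs" to "event logs" fix in the Log types hunk should also be applied to `blog-service/2025-09-15-apps.md`, where PATCH 4/6 changed "send them" to "sending them" but left "collecting events logs" in place, so the blog post and the app page still disagree. The first hunk's rename to "The Sumo Logic app for Trellix mVision ePO" also leaves the front-matter `description` and the later dashboard prose saying "The Trellix mVision ePO app for Sumo Logic" / "the app"; pick one form for the page. The unchanged context line `Trust-Login-icon` immediately above the edited paragraph is the copied alt text from the Trust Login page and could be corrected in this same hunk.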