...
For more information on how the events are parsed, visit our page.
Flattening preprocessing
Data source | Collector service | Optional | Flattening details |
---|---|---|---|
incident | dpim_incident | yes | not required |
API Limits, Delays, Known Issues
We occasionally encounter a 429 "Too Many Requests" error, indicating a rate limit has been reached. This is a known limitation, but the exact rate limit thresholds are not disclosed in Trellix’s documentation, which makes precise management challenging. To handle this, our system is configured to pause briefly and retry requests automatically after encountering the error. This approach helps to recover data access smoothly once the API limit resets.
Accepted authentication methods
Authentication method | api_key | username | password |
---|---|---|---|
Bearer auth token | | | |
Minimum configuration required for basic pulling
...
Info |
---|
The auth token timeout specified in the official Trellix DLP documentation is 300 seconds, but we use 280 seconds because the token expires around that time. |
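An added example (not the collector's own code) of the two behaviours described on this page: refreshing the bearer token at 280 seconds and pausing, then retrying, on HTTP 429. The `login` and `send` callables, the backoff values, the use of `Retry-After` and the single re-login on 401 are assumptions for illustration.

```python
import time

TOKEN_LIFETIME_S = 280  # from the page: documented timeout is 300 s, refreshed at 280 s


class TokenCache:
    """Caches a bearer token and re-authenticates before it expires server-side."""

    def __init__(self, login, clock=time.monotonic, lifetime=TOKEN_LIFETIME_S):
        # login() is a hypothetical callable that returns a fresh token string
        self._login, self._clock, self._lifetime = login, clock, lifetime
        self._token, self._issued = None, 0.0

    def get(self, force=False):
        now = self._clock()
        if force or self._token is None or now - self._issued >= self._lifetime:
            self._token, self._issued = self._login(), now
        return self._token


def pull(cache, send, sleep=time.sleep, max_retries=5, base_delay=2.0, max_delay=60.0):
    """Call send(token) -> (status, headers, body); pause and retry on 429.

    Assumptions: Retry-After (standard HTTP header, integer seconds) is honoured
    if the server sends it, otherwise capped exponential backoff is used; a 401
    triggers one forced re-login in case the token expired early.
    """
    attempt, relogged = 0, False
    while True:
        status, headers, body = send(cache.get())
        if status == 429:
            if attempt >= max_retries:
                raise RuntimeError("rate limit still active after retries")
            hint = headers.get("Retry-After", "")
            delay = float(hint) if hint.isdigit() else base_delay * 2 ** attempt
            sleep(min(delay, max_delay))
            attempt += 1
        elif status == 401 and not relogged:
            cache.get(force=True)
            relogged = True
        elif status == 200:
            return body
        else:
            raise RuntimeError(f"unexpected HTTP status {status}")
```

The retry count is bounded so a persistent rate limit surfaces as an error instead of an endless loop, and the token value is never logged or included in exception text.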
...
Run the collector
Once the data source is configured, you can either send us the required information if you want us to host and manage the collector for you (Cloud collector), or deploy and host the collector on your own machine using a Docker image (On-premise collector).
...