### Helix API Usage Example Source: https://docs.trellix.com/bundle/helix_pg/page/UUID-d7062a98-a224-8adf-fb83-cacf801264ad This snippet demonstrates how to interact with the Helix API to retrieve data. It assumes you have API credentials and the necessary libraries installed. The example shows a basic GET request. ```python import requests API_URL = "https://helix.example.com/api/v1" API_KEY = "YOUR_API_KEY" def get_alerts(): headers = { "Authorization": f"Bearer {API_KEY}", "Content-Type": "application/json" } try: response = requests.get(f"{API_URL}/alerts", headers=headers) response.raise_for_status() # Raise an exception for bad status codes return response.json() except requests.exceptions.RequestException as e: print(f"Error fetching alerts: {e}") return None if __name__ == "__main__": alerts = get_alerts() if alerts: print("Successfully retrieved alerts:") # Process the alerts data here for alert in alerts['data']: print(f"- Alert ID: {alert['id']}, Title: {alert['title']}") ``` -------------------------------- ### Visibility Settings and Data Policies Interaction Examples (Trellix Product Guide) Source: https://docs.trellix.com/bundle/helix_pg/page/UUID-02264c6b-e77d-1502-d2c1-dc13daf3a403 Illustrations of how visibility settings and data policies work together to control user access to data. These examples highlight scenarios involving archive searches, sensor restrictions, report visibility, and custom dashboards. ```text An archive search with public visibility uses **class= Trellix_nx_alert** and **class= Trellix_ex_alert** in its search criteria. A user who is restricted from seeing Network Security alert data can see the search on the Archive Searches page and see both Network Security and Email Security — Server Edition data from the **View Results** menu item, which returns the cached data from the owner's initial execution. If the restricted user reruns the search, the new search results will exclude the Network Security data, according to that user's data policy. ``` ```text An archive search with public visibility uses **class= Trellix_hx_alert** in its search criteria. A user who is restricted from seeing Endpoint Security alerts can see the search on the Archive Searches page and see Endpoint Security data from the **View Results** menu item for that search, which returns the cached data from the owner's initial execution. If the restricted user reruns the search, a "not found" message is displayed, according to that user's data policy. ``` ```text A user is restricted from a certain sensor, based on a policy rule defined with constraint **meta_cbid!=[xxx]**. That user's view of the Sensors page will exclude that sensor. ``` ```text A report has private visibility. Only the report owner and organization admin will see the report on the Reports page. ``` ```text A user-created custom dashboard with public visibility uses **class= Trellix_etp** in the query for one of the widgets. A user who is restricted from seeing Email Security - Cloud data can see the widget in the custom report the owner created. If the restricted user clones the dashboard, the new dashboard will exclude that widget, according to that user's data policy. ``` -------------------------------- ### Search Query Example (Index Search) Source: https://docs.trellix.com/bundle/helix_pg/page/UUID-147dfd36-252f-d2f7-ec39-80d326144af1 This code snippet shows an example of how to construct and execute an index search query within the Trellix Helix platform. It includes selecting a date range and a specific sensor. ```json { "query": "process_name: \"powershell.exe\"", "timeRange": { "startDate": "2023-10-26T00:00:00Z", "endDate": "2023-10-27T00:00:00Z" }, "sensorId": "sensor-12345" } ``` -------------------------------- ### Data Policy Rule Examples (Trellix Product Guide) Source: https://docs.trellix.com/bundle/helix_pg/page/UUID-02264c6b-e77d-1502-d2c1-dc13daf3a403 Examples of data policy rules, including their syntax and a brief description of their effect on user data access. These rules use operators like 'DOES NOT EQUAL', 'EQUALS', 'AND', and 'OR' to define access constraints. ```text `class!=Trellix_nx_alert` Users with this data policy will be unable to see Network Security alert data. ``` ```text `product!=[hx]` Users with this data policy will be unable to see Endpoint Security (HX) appliances on the Appliances, Appliance Groups, and Appliance Settings pages. ``` ```text `class!=appliance_health AND class!=Trellix_ex_alert AND meta_cbid=12345` Users with this data policy will be unable to see health data and Email Security — Server alert data for Comm Broker 12345. ``` ```text `class=Trellix_nx_alert OR class=Trellix_ex_alert` Users with this data policy will only be able to see Network Security alert data and Email Security — Server alert data. ``` ```text `class!=ms_windows_event` Users with this data policy will be unable to see Windows event logs. ``` ```text `class=Trellix_hx AND deviceid=0123456789` Users with this data policy will only be able to see Endpoint Security (HX) data from the device with the specified ID. ``` ```text `class=[appliance_health,Trellix_hx] AND deviceid=[1234,5678]` Users with this data policy will only be able to see health or Endpoint Security (HX) data from either of the two specified devices. ```