HXTool

Summary

HXTool is a web-based, standalone tool that can be used with Trellix Endpoint Security (HX).

HXTool provides additional features not directly available in the product by leveraging Trellix Endpoint Security (HX)'s rich API.

4.8-pre

To install HXTool:

Ensure that you have a working Python installation, see the Dependencies section below for version requirements.
Unzip the distribution archive; Or, if you have code repository access, fetch the repo and place the files in a directory.
Install HXTool's dependencies by running pip install -r requirements.txt from your operating system's command shell.
- On Windows systems, pip.exe can be found in the "scripts" folder under your Python installation directory.
After installing the dependencies, run python hxtool.py from your operating system's command shell and the server will start listening to tcp port 8080 (HTTPS).
- Alternatively, on Windows, you should be able to double-click on the hxtool.py file.
Access the web user interface via a browser: https://127.0.0.1:8080 (tested with Google Chrome and Mozilla Firefox)
You will need an account on the Endpoint Security (HX) controller that has either the api_admin or api_analyst role.
Don't forget to set the Background Processing credentials under Admin --> HXTool Settings. These credentials are used by the scheduler, and can be the same as what you have logged in with, or a separate set.

Python 3.6+

Full dependency list available in requirements.txt.

Optionally, the pymongo library may be installed for additional database functionality.

Configuration for HXTool is held in the conf.json file, documentation is in README.CONFIG.

To build a Docker image from the HXTool source, execute the following:

docker build --pull -t hxtool:latest .

To run HXTool once the image build process is complete, execute the following:

docker run -p 8080:8080/tcp -d --cap-add=IPC_LOCK --name hxtool hxtool:latest

IPC_LOCK is needed for the GNOME keyring daemon. See README.DOCKER

None so far