HXTool
HXTool is an extended user interface for the FireEye HX Endpoint product. HXTool can be installed on a dedicated server or on your physical workstation. HXTool provides additional features and capabil...
Summary
HXTool is a web-based, standalone tool that can be used with Trellix Endpoint Security (HX).
HXTool provides additional features not directly available in the product by leveraging Trellix Endpoint Security (HX)'s rich API.
Version
4.8-pre
Installation
To install HXTool:
- Ensure that you have a working Python installation; see the Dependencies section below for version requirements.
- Unzip the distribution archive; or, if you have code repository access, fetch the repo and place the files in a directory.
- Install HXTool's dependencies by running pip install -r requirements.txt from your operating system's command shell.
  - On Windows systems, pip.exe can be found in the "scripts" folder under your Python installation directory.
- After installing the dependencies, run python hxtool.py from your operating system's command shell and the server will start listening on TCP port 8080 (HTTPS).
  - Alternatively, on Windows, you should be able to double-click on the hxtool.py file.
- Access the web user interface via a browser: https://127.0.0.1:8080 (tested with Google Chrome and Mozilla Firefox)
- You will need an account on the Endpoint Security (HX) controller that has either the api_admin or api_analyst role.
- Don't forget to set the Background Processing credentials under Admin --> HXTool Settings. These credentials are used by the scheduler, and can be the same as what you have logged in with, or a separate set.
Dependencies
Python 3.6+
Full dependency list available in requirements.txt.
Optionally, the pymongo library may be installed for additional database functionality.
Configuration
Configuration for HXTool is held in the conf.json file; documentation is in README.CONFIG.
Docker
To build a Docker image from the HXTool source, execute the following:
docker build --pull -t hxtool:latest .
To run HXTool once the image build process is complete, execute the following:
docker run -p 8080:8080/tcp -d --cap-add=IPC_LOCK --name hxtool hxtool:latest
IPC_LOCK is needed for the GNOME keyring daemon. See README.DOCKER.
Contribution
Guidelines
None so far
Who do I talk to?
- Henrik Olsson
Contributors
- Elazar Broad
- Matthew Briggs
- Martin Holste