Nothing Special   »   [go: up one dir, main page]
Skip to content
/ HXTool Public

HXTool is an extended user interface for the FireEye HX Endpoint product. HXTool can be installed on a dedicated server or on your physical workstation. HXTool provides additional features and capabilities over the standard FireEye HX web user interface. HXTool uses the fully documented REST API that comes with the FireEye HX for communication w…

License

View license
79 stars 49 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

fireeye/HXTool

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1,468 Commits
bulkdownload
bulkdownload
 
 
data
data
 
 
hxtool_task_modules
hxtool_task_modules
 
 
log
log
 
 
pytests
pytests
 
 
scripts
scripts
 
 
static
static
 
 
templates
templates
 
 
tests
tests
 
 
tools
tools
 
 
.dockerignore
.dockerignore
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.CONFIG
README.CONFIG
 
 
README.DOCKER
README.DOCKER
 
 
README.md
README.md
 
 
docker-entrypoint.sh
docker-entrypoint.sh
 
 
gunicorn_container.py
gunicorn_container.py
 
 
hx_audit.py
hx_audit.py
 
 
hx_lib.py
hx_lib.py
 
 
hx_openioc.py
hx_openioc.py
 
 
hxtool.py
hxtool.py
 
 
hxtool_api.py
hxtool_api.py
 
 
hxtool_apicache.py
hxtool_apicache.py
 
 
hxtool_config.py
hxtool_config.py
 
 
hxtool_data_models.py
hxtool_data_models.py
 
 
hxtool_db.py
hxtool_db.py
 
 
hxtool_formatting.py
hxtool_formatting.py
 
 
hxtool_global.py
hxtool_global.py
 
 
hxtool_logging.py
hxtool_logging.py
 
 
hxtool_mongodb.py
hxtool_mongodb.py
 
 
hxtool_scheduler.py
hxtool_scheduler.py
 
 
hxtool_scheduler_task.py
hxtool_scheduler_task.py
 
 
hxtool_session.py
hxtool_session.py
 
 
hxtool_tinydb.py
hxtool_tinydb.py
 
 
hxtool_util.py
hxtool_util.py
 
 
hxtool_vars.py
hxtool_vars.py
 
 
hxtool_x15_db.py
hxtool_x15_db.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

HXTool

Summary

HXTool is a web-based, standalone tool that can be used with Trellix Endpoint Security (HX).

HXTool provides additional features not directly available in the product by leveraging Trellix Endpoint Security (HX)'s rich API.

Version

4.8-pre

Installation

To install HXTool:

  1. Ensure that you have a working Python installation, see the Dependencies section below for version requirements.
  2. Unzip the distribution archive; Or, if you have code repository access, fetch the repo and place the files in a directory.
  3. Install HXTool's dependencies by running pip install -r requirements.txt from your operating system's command shell.
    • On Windows systems, pip.exe can be found in the "scripts" folder under your Python installation directory.
  4. After installing the dependencies, run python hxtool.py from your operating system's command shell and the server will start listening to tcp port 8080 (HTTPS).
    • Alternatively, on Windows, you should be able to double-click on the hxtool.py file.
  5. Access the web user interface via a browser: https://127.0.0.1:8080 (tested with Google Chrome and Mozilla Firefox)
  6. You will need an account on the Endpoint Security (HX) controller that has either the api_admin or api_analyst role.
  7. Don't forget to set the Background Processing credentials under Admin --> HXTool Settings. These credentials are used by the scheduler, and can be the same as what you have logged in with, or a separate set.

Dependencies

Python 3.6+

Full dependency list available in requirements.txt.

Optionally, the pymongo library may be installed for additional database functionality.

Configuration

Configuration for HXTool is held in the conf.json file, documentation is in README.CONFIG.

Docker

To build a Docker image from the HXTool source, execute the following:

docker build --pull -t hxtool:latest .

To run HXTool once the image build process is complete, execute the following:

docker run -p 8080:8080/tcp -d --cap-add=IPC_LOCK --name hxtool hxtool:latest

IPC_LOCK is needed for the GNOME keyring daemon. See README.DOCKER

Contribution

Guidelines

None so far

Who do I talk to?

Contributors

About

HXTool is an extended user interface for the FireEye HX Endpoint product. HXTool can be installed on a dedicated server or on your physical workstation. HXTool provides additional features and capabilities over the standard FireEye HX web user interface. HXTool uses the fully documented REST API that comes with the FireEye HX for communication w…

Resources

Readme

License

View license
Activity
Custom properties

Stars

79 stars

Watchers

20 watching

Forks

49 forks
Report repository

Releases 3

release-4.7.1 Latest
Aug 3, 2022
+ 2 releases

Packages

No packages published

Contributors 9

Languages