Page tree

This Trellix-ePO integration combines the reach of Asset Manager’s network discovery with Trellix's ePolicy Orchestrator (Trellix ePO) to improve your organization's security posture. 

The Trellix ePO integration provides Trellix ePO customers with a way to ensure that the ePO agent is installed comprehensively on all network devices in a particular segment (or multiple segments) as intended.  The integration reconciles Trellix findings with Asset Manager findings and insodoing, uncovers:

  1. Assets lacking the Trellix ePO agent
  2. Assets to which visibility is blocked
  3. Assets with comprehensive management

To manage e-policy in Asset Manager, first configure the Trellix feed, then review the ePO Management dashboard, located on Asset Manager's main Dashboards menu.

To manage e-policy in Trellix ePO server, configure the Trellix feed, then install the Asset Manager extension to your ePO server.

The dashboard provides a variety of useful information:

IPs Unmanaged by Trellix - IPs Asset Manager found on your network that Trellix doesn't know about and doesn't have under management. Together, these unknowns represent a policy-management gap and vulnerability that could be exploited. This information is presented visually, in a bar chart that shows the volume of unmanaged, and also in a table with details on each unmanaged IP address (i.e., IP and MAC address, responsiveness and when the first and last response was received, and the Zone in which the device is located).

IPs Unmanaged by Asset Manager - These are those IPs managed by Trellix that Asset Manager did not find on the network. Typically there will not be any devices managed by Trellix that have not been indexed by Asset Manager. In the event these widgets show results, check your your Asset Manager discovery configuration, which is not providing the level of visibility you require. Contact us for help in identifying the prospective source  of the problem.

Trellix- and Asset Manager-Managed IPs - When this subset becomes the whole (i.e., when all devices are managed by both resources, your organization's e-policy is well in hand.

Following is the ePO Management dashboard and a description of the data fields returned. All analytics from the Trellix feed go here. None affect Map filters, Reports or Search.

  • IP Address - Device identifier
  • MAC Address - Device identifier
  • Active - device responded to Asset Manager probe
  • First Observed - Device came on the network
  • Last Observed - Device left the network after this point
  • Zone - Number corresponding to the zone to which the device belongs



The data in any dashboard widget can be exported by clicking the Export icon (i.e., the away-pointing arrow). After identifying Asset Manager-discovered IPs that you'd like to bring into Trellix, you can either export the data from the source widget and then import it to Trellix. Or, you can install the Asset Manager extension on your Trellix ePO server.

Submit a comment at the bottom of this page if you have a question or need additional information about the ePO Management dashboard.

  • No labels