# Cribl FireEye HX/Trellix

In this guide, you will configure the FireEye HX data connector using Cribl.

### Prerequisites

* [ ] FireEye HX alert and host data must be configured as a source in Cribl Streams

### Add the Cribl FireEye HX data connector

1. Log in to [Radiant Security](https://app.radiantsecurity.ai/).
2. From the navigation menu, select **Settings** > **Data Connector** and click **+ Add Connector**.
3. Search for and select the **Cribl FireEye HX** option and then click **Data** **Feeds.**
4. Under **Select your data feeds**, select **Cribl FireEye HX** and click **Credentials**.
5. Under **Credential Name**, give the credential an identifiable name.
6. Under **Required** **Credentials**, add the **Webhook Auth Token**. This can be any value defined by you, preferably something long and rotated periodically. 
7. Click **Add Connector**.

### Create a webhook destination in Cribl Streams

1. Login to Cribl.
2. Navigate to **Stream**.
3. Use the top navigation to open **Manage** > **Groups**.
4. From the list of groups, click the group that has the FireEye HX data as a **Source**.
5. Use the top navigation to open **Data** > **Destinations**.
6. Filter the Destinations to find and click **Webhook**.
7. Click **Add Destination**.
8. Under **General Settings**, configure the following:
   * **Output ID**: `rs-cribl-fireeye-hx`
   * **URL**: `https://api.app.blastradius.ai/connectors/cribl-hx/webhook/THE_TENANT_ID/THE_CONNECTOR_ID`<br>

     <figure><img src="https://20705827.fs1.hubspotusercontent-na1.net/hubfs/20705827/Knowledge%20Base%20Articles/Cribl%20FireEye%20HX%20Trellix/Screenshot%202023-06-19%20at%203.11.52%20PM(1).png" alt=""><figcaption></figcaption></figure>
9. Click **Authentication** and configure the following properties:
   * **Authentication** **type**: `Auth Token`
   * **Token**: the Webhook Auth Token configured in Radiant Security<br>

     <figure><img src="https://20705827.fs1.hubspotusercontent-na1.net/hubfs/20705827/Knowledge%20Base%20Articles/Cribl%20FireEye%20HX%20Trellix/Screenshot%202023-06-19%20at%203.12.15%20PM.png" alt=""><figcaption></figcaption></figure>
10. Click **Save** to save the connector configuration.
11. Use the top navigation to open **Routing > Data Routes**.
12. Click **Add Route**.
13. Configure the route to send the FireEye HX data (Hosts and Alerts) to a Pipeline that outputs to the `rs-cribl-fireeye-hx` Destination.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.radiantsecurity.ai/radiant-connectors/data-connectors/cribl-fireeye-hx-trellix.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.