INTEGRATION

Trellix

Enriching OT and IT asset visibility in Nozomi Vantage with managed endpoint inventory and agent health data from Trellix ePO.

About Trellix

Trellix ePO is a centralized security management console for endpoint orchestration, device inventory, agent policy enforcement and security state reporting. By integrating Trellix ePO with Nozomi Vantage, security teams gain a consolidated view of managed assets across IT and OT environments — importing managed endpoint inventory and agent health data directly into Vantage. This enriches the asset registry with authoritative data from the Trellix management plane, accelerating incident investigation, reducing blind spots in critical infrastructure environments and enabling analysts to correlate security console telemetry with OT network observations without switching consoles.

Features

Importer Data Types

Vantage imports the following from Trellix ePO:
  • Asset Details Enrichment and Create New in Vantage

    Trellix ePO supplies records that include managed system hostname, IP and MAC addresses, OS type and version, agent product list, agent version, last-communication timestamp and managed status. Vantage uses these records to enrich existing assets and to create new asset records for endpoints not yet observed on the OT network.

Joint Use Cases

  • Correlating Trellix signals with OT network alerts

    When Nozomi Vantage raises an anomaly alert for a device inside an OT segment, the analyst can pivot to the same asset's Trellix ePO record in Vantage to review agent policy state, managed product version and recent compliance events, all without leaving the Vantage investigation workflow. This cross-layer correlation surfaces whether a network-layer anomaly coincides with activity observed by Trellix, reducing the time needed to confirm or dismiss an incident.

  • Closing asset inventory gaps across IT and OT

    Devices recorded by Trellix ePO but not yet observed by Nozomi network sensors are automatically created as new asset records in Vantage, populated with hostname, OS, installed agent products and managed status drawn from the Trellix management plane. OT operations teams can audit the resulting unified inventory to identify unmonitored or underprotected assets in industrial and critical infrastructure zones, then prioritize sensor deployment accordingly.

  • Validating endpoint-security agent coverage on OT-adjacent hosts

    Devices managed by Trellix ePO are joined with Vantage's network-observed inventory, surfacing endpoints that are network-active in OT-adjacent zones but are missing the Trellix agent.

Integration Prerequisites

  • Active Nozomi Vantage tenant with the connector-configuration role assigned to the administering account
  • Trellix ePO server with a registered API user granted Read permission against the System Tree and System Properties
  • Consistent hostname, IP or MAC addressing between Trellix ePO-recorded assets and Vantage-observed assets to enable accurate asset correlation and deduplication
  • Outbound network connectivity from Vantage to the source-tool API endpoint over HTTPS (this prerequisite is a deployment placeholder and may be adjusted to match your environment)
