The below configuration guides will explain how to create a custom BlueApp to collect events from Trellix ePO, including Incidents Cloud and Threats Cloud. Once the app is working, don't forget to create a rule if you would like to get alarms in response to specific events.

Trellix ePO Incidents:TrellixePOIncidentsConfigurationGuide.pdf

Trellix ePO Threats: TrellixePOThreatsCloudConfigurationGuide.pdf