
SecOps Made Easier: Meet the New Trellix Helix Connect Apps

Pivots are annoying when it comes to SecOps. Not just annoying: they are time consuming and, at best, inefficient. At Trellix, we are constantly taking input from customers on how to refine and improve the user experience of our tools. We don’t want to just make tools that are visually pleasing—we want them to be efficient and easy to use no matter what level of expertise your SOC team has.

We are pleased to announce that the latest UX improvements for Trellix Helix Connect are now live. What are they exactly, and where do you find them? Let’s dive in and take a look!

1. The Integration Hub

Helix Connect supports a large volume of data sources. It offers hundreds of integrations with Trellix and third-party products and can quickly integrate data from over 120 different SaaS solutions across multiple domains.

The new Integration Hub replaces Cloud Connect and makes it even easier to integrate data from your other tools. Helpful how-to tips guide less-experienced users, enabling more of your team members to take part in creating and managing integrations.

Figure 1: The new Integration Hub provides setup tips for users

2. Alerts area

Getting the data in is good, but making it actionable is even more valuable. We’ve changed up the visualization with a new Alerts area that makes it easier to sort, filter, and group alerts and see the level of severity of each. The timeline is easier to expand and refine, alert severity is more prominent, and tags are easier to use.

When you click on an alert, you get a much cleaner experience as well. We replaced the busy fine-print, code-like event details with more common language groupings.

Pivoting is more straightforward because of these changes too. You can go from Summary to the alert timeline, see what assets are affected (along with their current status), the history of what has been done so far, and recommended steps to respond, including automation that can be applied.

The bottom line? Improved MTTD, because you can make decisions faster, with easier access to data in fewer steps and manual pivots.

Figure 2: The updated Alerts area features simplified summaries and navigation for investigations

3. Rules area

Rules match events and generate alerts. The enhanced Rules area offers a more at-a-glance experience, with less cluttered filtering than previously.

It also provides a simplified interface for creating and managing detection rules. In addition, you can now see the status of a rule and click on it to get helpful descriptions and details without leaving the screen.

Your analysts can still leverage pre-built Trellix rules and create their own custom rules to tailor your detection strategy. This can be useful if your company has multiple satellite offices or you have a customer in a highly regulated industry that requires strict controls.

Figure 3: The enhanced Rules area lets teams more easily manage a Trellix-created rule, assign tags, and enable or disable the rules

4. Tags

Tags have been added as well for easier viewing and prioritization. Tags help your analysts sort through alerts, systems, and artifacts, making it much easier to identify what they are looking for.

You can use default Trellix tags, or you can create your own to help analysts drill down into a specific threat type, vector, and more.

They can also drill down into related alerts or cases with a specific tag, which makes it easier to pivot through investigations. And if they need to make a tag for a specific action or something unique to their environment, they can clone and edit an existing Trellix system policy or make one from scratch.

Tags are all about providing visibility to speed up investigations. From the network guy who wants to drill down into the latest alerts, to the endpoint analyst who wants to see ransomware-related events, to the person responsible for policy management, everyone can get faster and more thorough insights.

Figure 4: Simplified visuals and tags in the new Alerts view make pivoting to investigations even easier

5. Case Management area

New to Helix Connect, the Case Management area facilitates collaboration between your analysts, enabling them to share notes, assign tasks, and track the progress of investigations.

Similar to alerts, users can view at-a-glance information, milestones, and context in a timeline so that those involved can understand what’s happened and what’s next. They can drill down into related cases and read and add notes—all of which helps improve MTTR.

Case Management can also help upskill your less-experienced analysts, who can benefit from seeing the work and insights of more senior members for a bit of on-the-job training.

Figure 5: The Case Management area groups and shows activity, timelines, and summaries for analysts

These user interface improvements are just one part of our ongoing commitment to delivering a best-in-class security platform for you and your team. We believe that by making Trellix Helix Connect easier to use, we can help your security analysts be more effective and efficient in their work.

To learn more about these new features, please contact your Trellix representative or visit Trellix Helix Connect.
