DataDog
diff --git a/‎trellix_endpoint_security/README.md
Lines changed: 35 additions & 21 deletions b/‎trellix_endpoint_security/README.md
Lines changed: 35 additions & 21 deletions
@@ -1,43 +1,57 @@
-# Agent Check: trellix_endpoint_security
-
 ## Overview
 
-This check monitors [trellix_endpoint_security][1].
+[Trellix Endpoint Security (ENS)][1] protects servers, computer systems, laptops, and tablets against known and unknown threats. These threats include malware, suspicious communications, unsafe websites, and downloaded files. Trellix Endpoint Security enables multiple defense technologies to communicate in real time to analyze and protect against threats.
 
-## Setup
+This integration ingests the following logs:
+
+- **Threat Events**: This endpoint provides details about threat events triggered by Trellix Endpoint Security, including threat prevention, web control, firewall, and adaptive threat protection.
+
+This integration provides enrichment and visualization for above mentioned event types. It helps to visualize detailed insights into security trends, threats, and policy violations through the out-of-the-box dashboards. Also, This integration provides out of the box detection rules.
 
-### Installation
+## Setup
 
-The trellix_endpoint_security check is included in the [Datadog Agent][2] package.
-No additional installation is needed on your server.
+### Generate API Credentials in Trellix Endpoint Security
 
-### Configuration
+1. Log in to the Trellix ePO Saas.
+2. Navigate to the **[Trellix Developer Portal][2]**.
+3. Under **Self-Service**, select **API Access Management**.
+4. In the **Credential Configurations** section, provide the following details:
+   - **Client Type**: Enter a descriptive and identifiable name.
+   - **APIs**: Choose **Events** from the dropdown.
+   - **Method Types**: Select **GET**.
+5. Click **Request** to submit the request. It typically takes 2-3 days to process. You will be notified once your credentials are ready.
+6. When your credentials are available, generate your Client credentials by clicking **Generate** under **Create Client Credentials**.
+7. Copy the API key from **Access Management**, along with the Client ID and Client Secret, from **Create Client Credentials**.
 
-!!! Add list of steps to set up this integration !!!
+### Connect your Trellix Endpoint Security Account to Datadog
 
-### Validation
+1. Add your Client ID, Client Secret, and API Key.
+   | Parameters    | Description                            |
+   | ------------- | -------------------------------------- |
+   | Client ID     | The Client ID of Trellix ePO SaaS.     |
+   | Client Secret | The Client Secret of Trellix ePO SaaS. |
+   | API Key       | The API Key of Trellix ePO SaaS.       |
 
-!!! Add steps to validate integration is functioning as expected !!!
+2. Click the Save button to save your settings.
 
 ## Data Collected
 
-### Metrics
+### Logs
 
-trellix_endpoint_security does not include any metrics.
+The Trellix Endpoint Security integration collects and forwards events related to threat prevention, web control, firewall, and adaptive threat protection to Datadog.
 
-### Service Checks
+### Metrics
 
-trellix_endpoint_security does not include any service checks.
+The Trellix Endpoint Security integration does not include any metrics.
 
 ### Events
 
-trellix_endpoint_security does not include any events.
+The Trellix Endpoint Security integration does not include any events.
 
-## Troubleshooting
+## Support
 
-Need help? Contact [Datadog support][3].
+For additional assistance, contact [Datadog support][3].
 
-[1]: **LINK_TO_INTEGRATION_SITE**
-[2]: https://app.datadoghq.com/account/settings/agent/latest
+[1]: https://www.trellix.com/products/endpoint-security/
+[2]: https://developer.manage.trellix.com/mvision/selfservice/home
 [3]: https://docs.datadoghq.com/help/
-