Sign in
Sign in
or
Create a new account
Categories
Your Saved List Become a Channel Partner Sell in AWS Marketplace Amazon Web Services Home Help

Trellix Security Operations

Trellix

Reviews from AWS customer

1 AWS reviews
  • 5 star
    0
  • 4 star
    0
  • 3 star
    1
  • 2 star
    0
  • 1 star
    0

External reviews

6 reviews
from

External reviews are not included in the AWS star rating for the product.

3-star reviews ( Show all reviews )

    Daniel_Martins

Experiencing frequent disconnections and support challenges but benefits from quick implementation and integration capabilities

  • July 17, 2025
  • Review from a verified AWS customer

What is our primary use case?

We use Trellix Helix Connect because it is a SaaS solution. I think it has its own infrastructure rather than AWS or another provider. We use the Helix SaaS and a component called Evidence Collector that gets the logs from on-premise infrastructure and sends them to SaaS. I believe everything about Trellix Helix Connect is SaaS-based.

We use Evidence Collector which can be installed with the on-premise infrastructure to collect components such as files and IPS. This product receives the logs from the infrastructure and sends the information to Helix.

What is most valuable?

The best feature of Trellix Helix Connect is its quick implementation.

The integration with Mandiant is another significant advantage. When investigating an incident, we have access to IOCs and can receive results from Mandiant about these IOCs, similar to what VirusTotal offers. We can search and utilize this integration effectively.

We utilize the artificial intelligence capabilities in Trellix Helix Connect. We can perform some customization by providing parameters in the YARA from Helix, which provides valuable analysis points.

The solution allows users to create reports more quickly with comprehensive information, which can be expanded within minutes. This demonstrates the effectiveness of Trellix Helix Connect's automation capabilities for reducing incident response times.

What needs improvement?

The timeout of the tenant is an area that needs improvement. When investigating and gathering information from the Helix tenant for extended periods, disconnections occur. This results in lost work and the need to restart investigations due to disconnected sessions.

It is problematic when progress is lost and investigations must be restarted, resulting in lost information and significant time wastage.

The capability to integrate with other TIPs or cybersecurity intelligence sources could be improved to determine whether IOCs are malicious, similar to Mandiant's functionality.

The capacity to reduce false positives needs improvement as we receive many alerts from Helix that turn out to be false positives upon investigation. Enhanced capability in this area would make the system more efficient and easier to use.

The dashboards could be improved as customers frequently request real-time SOC dashboard displays for Helix.

How are customer service and support?

The support for Trellix Helix Connect is not satisfactory. We experience difficulties accessing personnel with deep knowledge of Helix. We have numerous tickets to understand and resolve problems. It is not an easy product to support on a daily basis.

The support would rate a three out of ten. It can take one to four weeks to connect with someone who truly understands Helix and can provide solutions. This makes the product difficult to maintain.

How would you rate customer service and support?

Neutral

What other advice do I have?

The solution can be challenging for analysts with lower skill levels. The syntax for finding findings requires specific knowledge, making it more difficult for initial users.

Trellix Helix Connect is generally easy to use, but the Evidence Collector component presents more challenges.

This review rates Trellix Helix Connect as 6 out of 10.

showing 1 - 1