diff --git a/Community Developed/Trellix HX/Alert Groups/Trellix-HX-Alert_Groups-Workflow-Parameter-Value.xml b/Community Developed/Trellix HX/Alert Groups/Trellix-HX-Alert_Groups-Workflow-Parameter-Value.xml
new file mode 100644
index 0000000..f3a8c00
--- /dev/null
+++ b/Community Developed/Trellix HX/Alert Groups/Trellix-HX-Alert_Groups-Workflow-Parameter-Value.xml	
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<WorkflowParameterValues xmlns="http://qradar.ibm.com/UniversalCloudRESTAPI/WorkflowParameterValues/V1">
+    <Value name="host" value="hexXXXXXX-hx-webui-1.hex03.helix.apps.fireeye.com" />
+    <Value name="hx_port" value="443" /> <!-- 443 for CLoud and 3000 for On-Prem -->
+    <Value name="username" value="api_analyst" />
+    <Value name="password" value="api_analyst" />
+    <!-- Number of alert records to fetch per request -->
+    <Value name="limit" value="100" />
+</WorkflowParameterValues>
diff --git a/Community Developed/Trellix HX/Alert Groups/Trellix-HX-Alert_Groups-Workflow.xml b/Community Developed/Trellix HX/Alert Groups/Trellix-HX-Alert_Groups-Workflow.xml
new file mode 100644
index 0000000..81e7b6f
--- /dev/null
+++ b/Community Developed/Trellix HX/Alert Groups/Trellix-HX-Alert_Groups-Workflow.xml	
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<Workflow name="FireEye HX" version="1.0" xmlns="http://qradar.ibm.com/UniversalCloudRESTAPI/Workflow/V1">
+	<Parameters>
+		<Parameter name="host" label="Host" required="true" />
+		<Parameter name="hx_port" label="Port" value="443" required="true" />
+		<Parameter name="username" label="Username" required="true" />
+		<Parameter name="password" label="Password" required="true" secret="true" />
+	</Parameters>
+	<Actions>
+		<!-- Initialize the Bookmark -->
+		<Initialize path="/bookmark" value="${time() - 86400000}" />
+	
+		<!-- Use bookmark -10 mins as start time -->
+		<FormatDate pattern="yyyy-MM-dd'T'HH:mm:ss'Z'" timeZone="UTC" time="${/bookmark}" savePath="/startTime" />
+
+		<!-- Authenticate and request API Token -->
+        <CallEndpoint url="https://${/host}:${/hx_port}/hx/api/v3/token" method="GET" savePath="/getApiToken" >
+		<BasicAuthentication username="${/username}" password="${/password}" />
+		<RequestHeader name="Accept" value="application/json" />
+        </CallEndpoint>
+
+        <!-- Handle Errors -->
+	<If condition="/getApiToken/status_code != 204">
+		<Log type="Error" message="FE HX API: Error Authenticating to API: ${/getApiToken/body}" />
+		<Abort reason="Error login: ${/getApiToken/body}" />
+        </If>
+	<Else>
+		<!-- Extract the API Token -->
+		<Set path="/x_feapi_token" value="${/getApiToken/headers/X-FeApi-Token}" />
+		<!-- Build filterQuery -->
+		<Set path="/filterQuery" value='{"operator":"gt","arg": ["${/startTime}"],"field":"last_event_at"}' />
+
+		<!-- Get Alerts -->
+		<CallEndpoint url="https://${/host}:${/hx_port}/hx/api/v3/alert_groups/?" method="GET" savePath="/getAlerts">
+			<QueryParameter name="offset" value="0" />
+			<QueryParameter name="limit" value="100" />
+			<QueryParameter name="sort" value="last_event_at" />
+			<!-- URL Encoded Filter for last_event_at greater than Start Time -->
+			<QueryParameter name="filterQuery" value="${/filterQuery}" />
+			<RequestHeader name="X-FeApi-Token" value="${/x_feapi_token}" />
+			<RequestHeader name="Accept" value="application/json" />
+		</CallEndpoint>
+			
+		<!-- Handle Errors -->
+		<If condition="/getAlerts/status_code != 200">
+			<Log type="Error" message="FE HX API: Error fetching alerts ${/getAlerts/body}" />
+		</If>
+		<Else>
+			<Log type="INFO" message="FE HX API: Got ${/getAlerts/body/data/total} events" />
+
+			<!-- Alert are returned in JSON format-->
+			<!-- Extract Alerts-->
+			<If condition="${/getAlerts/body/data/total} > 0">
+				<Set path="/alerts" value="${/get_alerts/body/data/entries}" />
+				<Set path="/bookmark" value="${max(/alerts/reported_at)}" />
+			</If>
+			<!-- Post Alerts -->
+			<PostEvents path="/alerts" source="${/host}" />
+		</Else>
+
+		<!-- Dispose generated token to clear active session -->
+		<CallEndpoint url="https://${/host}:${/hx_port}/hx/api/v3/token" method="DELETE" savePath="/delApiToken" >
+			<RequestHeader name="X-FeApi-Token" value="${/x_feapi_token}" />
+			<RequestHeader name="Accept" value="application/json" />
+		</CallEndpoint>
+
+		<!-- Handle Errors -->
+		<If condition="/del_feapi_token/status_code != 204">
+			<Log type="Error" message="FE HX API: Error Deleting Session: ${/del_feapi_token/body/message}" />
+			<Abort reason="${/get_feapi_token/body/message}" />
+		</If>
+		</Else>
+	</Actions>
+	<Tests>
+		<DNSResolutionTest host="${/host}" />
+		<TCPConnectionTest host="${/host}" port="${/hx_port}" />
+		<SSLHandshakeTest host="${/host}" port="${/hx_port}"/>
+		<HTTPConnectionThroughProxyTest url="https://${/host}:${/hx_port}" />
+	</Tests>
+</Workflow>
diff --git a/Community Developed/Trellix HX/Alerts/Trellix-HX-Alerts-Workflow-Parameter-Value.xml b/Community Developed/Trellix HX/Alerts/Trellix-HX-Alerts-Workflow-Parameter-Value.xml
new file mode 100644
index 0000000..f3a8c00
--- /dev/null
+++ b/Community Developed/Trellix HX/Alerts/Trellix-HX-Alerts-Workflow-Parameter-Value.xml	
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<WorkflowParameterValues xmlns="http://qradar.ibm.com/UniversalCloudRESTAPI/WorkflowParameterValues/V1">
+    <Value name="host" value="hexXXXXXX-hx-webui-1.hex03.helix.apps.fireeye.com" />
+    <Value name="hx_port" value="443" /> <!-- 443 for CLoud and 3000 for On-Prem -->
+    <Value name="username" value="api_analyst" />
+    <Value name="password" value="api_analyst" />
+    <!-- Number of alert records to fetch per request -->
+    <Value name="limit" value="100" />
+</WorkflowParameterValues>
diff --git a/Community Developed/Trellix HX/Alerts/Trellix-HX-Alerts-Workflow.xml b/Community Developed/Trellix HX/Alerts/Trellix-HX-Alerts-Workflow.xml
new file mode 100644
index 0000000..f5c9fe5
--- /dev/null
+++ b/Community Developed/Trellix HX/Alerts/Trellix-HX-Alerts-Workflow.xml	
@@ -0,0 +1,150 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<Workflow name="Trellix HX" version="1.0.4" xmlns="http://qradar.ibm.com/UniversalCloudRESTAPI/Workflow/V1">
+	<Parameters>
+		<Parameter name="host" label="Host" required="true" />
+		<Parameter name="hx_port" label="Port" required="true" />
+		<Parameter name="username" label="Username" required="true" />
+		<Parameter name="password" label="Password" required="true" secret="true" />
+		<Parameter name="limit" label="Limit" required="true" />
+	</Parameters>
+	<Actions>
+		<!-- Initialize the Bookmark -->
+		<Initialize path="/bookmark" value="0" />
+		<!-- Authenticate and request API Token -->
+		<CallEndpoint url="https://${/host}:${/hx_port}/hx/api/v3/token" method="GET" savePath="/getFeApiToken" >
+			<BasicAuthentication username="${/username}" password="${/password}" />
+			<RequestHeader name="Accept" value="application/json" />
+		</CallEndpoint>
+		<!-- Handle Errors -->
+		<If condition="/getFeApiToken/status_code != 204">
+			<Log type="Error" message="Trellix HX API: API Authentication Error: ${/getFeApiToken/body}" />
+			<Abort reason="Trellix HX API: API Authentication Error: ${/getFeApiToken/body}" />
+		</If>
+		<Else>
+			<!-- Extract the API Token -->
+			<Set path="/x_feapi_token" value="${/getFeApiToken/headers/X-FeApi-Token}" />
+		</Else>
+		<!-- Get First Alert -->
+		<Set path="/offset" value="0" />
+		<Set path="limit" value="1" />
+		
+		<CallEndpoint url="https://${/host}:${/hx_port}/hx/api/v3/alerts/?" method="GET" savePath="/getFirstAlert">
+			<QueryParameter name="offset" value="${/offset}" />
+			<QueryParameter name="limit" value="${/limit}" />
+			<QueryParameter name="sort" value="_id" />
+			<RequestHeader name="X-FeApi-Token" value="${/x_feapi_token}" />
+			<RequestHeader name="Accept" value="application/json" />
+		</CallEndpoint>
+		<!-- Handle Errors -->
+		<If condition="/getFirstAlert/status_code != 200">
+			<Log type="Error" message="Trellix HX API: Error fetching first alert ${/getFirstAlert/body}" />
+			<Abort reason="Trellix HX API: API Authentication Error: ${/getFirstAlert/body}">
+		</If>
+		<Else>
+		<Set path="/firstAlertId" value="${/getFirstAlert/body/data/entries[0]/_id}" />
+			<Log type="INFO" message="Trellix HX API: Got ${/getFirstAlert/body/data/total} alerts" />
+			<If condition="${/getFirstAlert/body/data/total} > 0">
+				<set path="/entries" value="${/getAlerts/body/data/total}">
+			</If>
+			<Else>
+				<Log type="Notice" message="Trellix HX API: No Alerts to fetch" />
+				<Abort reason="Trellix HX API: No Alerts to fetch">
+			</Else>
+		</Else>
+		
+		<!-- Get Last Alert -->
+		<Set path="/offset" value="${/entries -1}" />
+		<Set path="limit" value="1" />
+		
+		<CallEndpoint url="https://${/host}:${/hx_port}/hx/api/v3/alerts/?" method="GET" savePath="/getLastAlert">
+			<QueryParameter name="offset" value="${/offset}" />
+			<QueryParameter name="limit" value="${/limit}" />
+			<QueryParameter name="sort" value="_id" />
+			<RequestHeader name="X-FeApi-Token" value="${/x_feapi_token}" />
+			<RequestHeader name="Accept" value="application/json" />
+		</CallEndpoint>
+		<!-- Handle Errors -->
+		<If condition="/getLastAlert/status_code != 200">
+			<Log type="Error" message="Trellix HX API: Error fetching last alert ${/getLastAlert/body}" />
+			<Abort reason="Trellix HX API: Error fetching last alert ${/getLastAlert/body}">
+		</If>
+		<Else>
+			<Set path="/firstAlertId" value="${/getLastAlert/body/data/entries[0]/_id}" />
+			<Log type="INFO" message="Trellix HX API: Last Alert ID: ${/getLastAlert/body/data/total}" />
+			<If condition="${/getFirstAlert/body/data/total} > 0">
+				<set path="/entries" value="${/getAlerts/body/data/total}">
+			</If>
+		</Else>
+
+		<If condition="/bookmark > 0">
+			
+		</If>
+		<Else>
+
+		</Else>
+		
+		<!-- Extract Alerts-->
+		<DoWhile condition="(/entries) > 0">
+			<Set path="/alerts" value="${/getAlerts/body/data/entries}" />
+			<!-- Enrich Alerts -->
+			<ForEach item="/alert" items="/alerts">
+				<Set path="/alertID" value="${/alert/_id}">
+				<CallEndpoint url="https://${/host}:${/hx_port}/hx/api/v3/hosts/${/alert/agent/_id}" method="GET" savePath="/getAagent">
+					<RequestHeader name="X-FeApi-Token" value="${/x_feapi_token}" />
+					<RequestHeader name="Accept" value="application/json" />
+				</CallEndpoint>
+				<If condition="/getAagent/status_code != 200">
+					<Log type="Error" message="Trellix HX API: Error fetching Agnet information: ${/getAagent/body}" />
+					<Abort reason="Error login: ${/getAagent/body}" />
+				</If>
+				<Log type="Info" message="Trellix HX API: Host found for ID: ${/alert/agent/_id}" />
+				<!-- Add host information to alert-->
+				<Set path="/alert/agent/hostname" value="${/getAagent/body/data/hostname}"  />
+				<Set path="/alert/agent/domain" value="${/getAagent/body/data/domain}"  />
+				<Set path="/alert/agent/primary_ip_address" value="${/getAagent/body/data/primary_ip_address}"  />
+				<Set path="/alert/agent/last_poll_ip" value="${/getAagent/body/data/last_poll_ip}"  />
+				<PostEvent path="/alert" source="${/host}" />
+			</ForEach>
+			<!-- Update bookmark -->
+			<ParseDate pattern="yyyy-MM-dd'T'HH:mm:ss.SSS'Z'" timeZone="UTC" date="${max(/alerts/reported_at)}" savePath="/bookmark" />
+			<Log type="Info" message="Trellix HX API: Last Alert Time set to: ${/bookmark}" />
+			
+			<!-- Next Page -->
+			<Set path="/offset" value="${/offset + /limit - 1}" />
+			<!-- Get next page of alerts -->
+			<CallEndpoint url="https://${/host}:${/hx_port}/hx/api/v3/alerts/?" method="GET" savePath="/getAlerts">
+				<QueryParameter name="offset" value="${/offset}" />
+				<QueryParameter name="limit" value="${/limit}" />
+				<QueryParameter name="sort" value="_id" />
+				<QueryParameter name="filterQuery" value="${/filterQuery}" />
+				<RequestHeader name="X-FeApi-Token" value="${/x_feapi_token}" />
+				<RequestHeader name="Accept" value="application/json" />
+			</CallEndpoint>
+			<If condition="/getAlerts/status_code != 200">
+				<Log type="Error" message="Trellix HX API: Error getting alerts: ${/getAlerts/body}" />
+				<Abort reason="Error login: ${/getAlerts/body}" />
+			</If>
+		</DoWhile>
+
+		<!-- Dispose generated token to clear active session -->
+		<CallEndpoint url="https://${/host}:${/hx_port}/hx/api/v3/token" method="DELETE" savePath="/delFeApiToken" >
+			<If condition="/ignore_selfsigned_certificate == 1">
+				<SSLConfiguration allowUntrustedServerCertificate="true" />
+			</If>
+			<RequestHeader name="X-FeApi-Token" value="${/x_feapi_token}" />
+			<RequestHeader name="Accept" value="application/json" />
+		</CallEndpoint>
+		<!-- Handle Errors -->
+		<If condition="/delFeApiToken/status_code != 204">
+			<Log type="Error" message="Trellix HX API: Error Deleteing Session: ${/delFeApiToken/body}" />
+			<Abort reason="${/delFeApiToken/body}" />
+		</If>
+	</Actions>
+	
+	<Tests>
+		<DNSResolutionTest host="${/host}" />
+		<TCPConnectionTest host="${/host}" port="${/hx_port}" />
+		<SSLHandshakeTest host="${/host}" port="${/hx_port}"/>
+		<HTTPConnectionThroughProxyTest url="https://${/host}:${/hx_port}" />
+	</Tests>
+</Workflow>
diff --git a/Community Developed/Trellix HX/LICENSE b/Community Developed/Trellix HX/LICENSE
new file mode 100644
index 0000000..15286d7
--- /dev/null
+++ b/Community Developed/Trellix HX/LICENSE	
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Mohamed Al-Shabrawy
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/Community Developed/Trellix HX/Process Tracker/Trellix-HX-ProcessTracker-Workflow-Parameter-Value.xml b/Community Developed/Trellix HX/Process Tracker/Trellix-HX-ProcessTracker-Workflow-Parameter-Value.xml
new file mode 100644
index 0000000..ac21019
--- /dev/null
+++ b/Community Developed/Trellix HX/Process Tracker/Trellix-HX-ProcessTracker-Workflow-Parameter-Value.xml	
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<WorkflowParameterValues xmlns="http://qradar.ibm.com/UniversalCloudRESTAPI/WorkflowParameterValues/V1">
+    <Value name="host" value="hexXXXXXX-hx-webui-1.hex03.helix.apps.fireeye.com" />
+    <Value name="hx_port" value="443" /> <!-- 443 for CLoud and 3000 for On-Prem -->
+    <Value name="username" value="api_analyst" />
+    <Value name="password" value="api_analyst" />
+</WorkflowParameterValues>
diff --git a/Community Developed/Trellix HX/Process Tracker/Trellix-HX-ProcessTracker-Workflow.xml b/Community Developed/Trellix HX/Process Tracker/Trellix-HX-ProcessTracker-Workflow.xml
new file mode 100644
index 0000000..d67517e
--- /dev/null
+++ b/Community Developed/Trellix HX/Process Tracker/Trellix-HX-ProcessTracker-Workflow.xml	
@@ -0,0 +1,147 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<Workflow name="Trellix HX Process Tracker Events" version="1.0.1" xmlns="http://qradar.ibm.com/UniversalCloudRESTAPI/Workflow/V1">
+	<Parameters>
+		<Parameter name="host" label="Host" required="true" />
+		<Parameter name="hx_port" label="Port" required="true" />
+		<Parameter name="username" label="Username" required="true" />
+		<Parameter name="password" label="Password" required="true" secret="true" />
+	</Parameters>
+	<Actions>
+		<!-- Initialize the Bookmark -->
+		<Initialize path="/bookmark" value="0" />
+		<Initialize path="/totalEventCount" value="0" />
+
+		<!-- Authenticate and request API Token -->
+		<CallEndpoint url="https://${/host}:${/hx_port}/hx/api/v3/token" method="GET" savePath="/getFeApiToken" >
+			<BasicAuthentication username="${/username}" password="${/password}" />
+			<RequestHeader name="Accept" value="application/json" />
+		</CallEndpoint>
+
+		<!-- Handle Errors -->
+		<If condition="/getFeApiToken/status_code != 204">
+			<Log type="Error" message="Trellix HX API: Error Authenticating to API: ${/getFeApiToken/body}" />
+			<Abort reason="Trellix HX API: API Authentication Error: ${/getFeApiToken/body}" />
+		</If>
+		<Else>
+			<!-- Extract the API Token -->
+			<Set path="/x_feapi_token" value="${/getFeApiToken/headers/X-FeApi-Token}" />
+        </Else>
+        <!-- Get PT Events -->
+        <!-- Get First Event -->
+        <Set path="/offset" value="0" />
+        <Set path="/limit" value="1" />
+        
+        <CallEndpoint url="https://${/host}:${/hx_port}/hx/api/plugins/process-tracker/v1/events?" method="GET" savePath="/getFirstPTEvent">
+            <QueryParameter name="offset" value="${/offset}" />
+            <QueryParameter name="limit" value="${/limit}" />
+            <QueryParameter name="sort" value="id:asc" />
+            <RequestHeader name="X-FeApi-Token" value="${/x_feapi_token}" />
+            <RequestHeader name="Accept" value="application/json" />
+        </CallEndpoint>
+        <!-- Handle Errors -->
+        <If condition="/getFirstPTEvent/status_code != 200">
+            <Log type="Error" message="Trellix HX API: Error fetching first PT Event ${/getFirstPTEvent/body}" />
+            <Abort reason="Trellix HX API: Error pulling ProcessTracker first Event: ${/getFirstPTEvent/body}" />
+        </If>
+        <Else>
+            <Set path="/totalEventCount" value="${/getFirstPTEvent/body/total}" />
+            <Log type="INFO" message="Trellix HX API: Got ${/totalEventCount} PT events" />
+            <!-- Check for events -->
+            <If condition="${/totalEventCount} > 0">
+                <!-- Set first event ID -->
+                <Set path="/firstEventId" value="${/getFirstPTEvent/body/data[0]/id}" />
+            </If>
+            <Else>
+                <!-- Dispose generated token to clear active session -->
+                <CallEndpoint url="https://${/host}:${/hx_port}/hx/api/v3/token" method="DELETE" savePath="/delFeApiToken" >
+                    <RequestHeader name="X-FeApi-Token" value="${/x_feapi_token}" />
+                    <RequestHeader name="Accept" value="application/json" />
+                </CallEndpoint>
+                <Log type="INFO" message="Trellix HX API: no PT Events available" />
+                <Abort reason="Trellix HX API: no PT Events available" />
+            </Else>
+        </Else>
+
+        <!-- Get last Event on the system
+            Events might not have sequential IDs and offest doesn’t match event ID -->
+        <Set path="/offset" value="${/totalEventCount - 1}" />
+        <CallEndpoint url="https://${/host}:${/hx_port}/hx/api/plugins/process-tracker/v1/events?" method="GET" savePath="/getPTLastEvent">
+            <QueryParameter name="offset" value="${/offset}" />
+            <QueryParameter name="limit" value="${/limit}" />
+            <QueryParameter name="sort" value="id:asc" />
+            <RequestHeader name="X-FeApi-Token" value="${/x_feapi_token}" />
+            <RequestHeader name="Accept" value="application/json" />
+        </CallEndpoint>
+        <!-- Handle Errors -->
+        <If condition="/getPTLastEvent/status_code != 200">
+            <Log type="Error" message="Trellix HX API: Error fetching last PT Event: ${/getPTLastEvent/body}" />
+            <Abort reason="Trellix HX API: Error pulling ProcessTracker Last Event: ${/getPTLastEvent/body}" />
+        </If>
+        <Else>
+            <!-- HX API ill return a new token as part of response headers when nearing exipry-->
+            <If condition="/getPTLastEvent/headers/X-FeApi-Token != null">
+                <Set path="/x_feapi_token" value="${/getPTEvents/headers/X-FeApi-Token}" />
+            </If>
+            
+            <!-- Set last Event ID-->
+            <Set path="/lastEventId" value="${/getPTLastEvent/body/data[0]/id}" />
+            <!-- Check for bookmark-->
+            <If condition="/bookmark > 0">
+                <If condition="/firstEventId > /bookmark">
+                    <Set path="/bookmark" value="${/firstEventId}"/>
+                </If>
+                <ElseIf condition="/bookmark >= /lastEventId">
+                    <Set path="/bookmark" value="${/lastEventId}"/>
+                    <Log type="INFO" message="Trellix HX API: no more PT Events " />
+                    <Abort reason="Trellix HX API: no more PT Events" />
+                </ElseIf>
+            </If>
+            <Else>
+                <Set path="/bookmark" value="${/firstEventId}"/>
+            </Else>
+            
+            <Set path="/entries" value="${/lastEventId - /firstEventId + 1}" />
+        
+            <DoWhile condition="${/entries} > 0">
+                <!-- Loop through event using IDs -->
+                <CallEndpoint url="https://${/host}:${/hx_port}/hx/api/plugins/process-tracker/v1/events/${/bookmark}" method="GET" savePath="/getPTEvent">
+                    <RequestHeader name="X-FeApi-Token" value="${/x_feapi_token}" />
+                    <RequestHeader name="Accept" value="application/json" />
+                </CallEndpoint>
+                <!-- HX API ill return a new token as part of response headers when nearing exipry-->
+                <If condition="/getPTEvents/headers/X-FeApi-Token != null">
+                    <Set path="/x_feapi_token" value="${/getPTEvent/headers/X-FeApi-Token}" />
+                </If>
+                <If condition="/getPTEvent/status_code = 404">
+                    <!-- Update bookmark -->
+                    <Set path="/bookmark" value="${/bookmark  + 1}" />
+                    <Log type="INFO" message="Trellix HX API: Error PT event ${/bookmark} not found: ${/getPTEvent/body}" />
+                </If>
+                <ElseIf condition="/getPTEvent/status_code = 200">
+                    <Set path="/event" value="${/getPTEvent/body/data[0]}" />
+                    <PostEvent path="/event" source="${/host}" />
+                    <!-- Update bookmark -->
+                    <Set path="/bookmark" value="${/bookmark + 1}" />
+                    <Set path="/entries" value="${/entries - 1}" />
+                    <Log type="INFO" message="Trellix HX API: Next PT Even ID ${/bookmark}" />
+                </ElseIf>
+                <Else>
+                    <Log type="ERROR" message="Trellix HX API: Error getting PT Events: ${/getPTEvent/body}" />
+                </Else>
+            </DoWhile>
+        </Else>
+
+        <!-- Dispose generated token to clear active session -->
+        <CallEndpoint url="https://${/host}:${/hx_port}/hx/api/v3/token" method="DELETE" savePath="/delFeApiToken" >
+            <RequestHeader name="X-FeApi-Token" value="${/x_feapi_token}" />
+            <RequestHeader name="Accept" value="application/json" />
+        </CallEndpoint>
+    </Actions>
+	
+	<Tests>
+		<DNSResolutionTest host="${/host}" />
+		<TCPConnectionTest host="${/host}" port="${/hx_port}" />
+		<!--SSLHandshakeTest host="${/host}" port="${/hx_port}"/-->
+		<HTTPConnectionThroughProxyTest url="https://${/host}:${/hx_port}" />
+	</Tests>
+</Workflow>
diff --git a/Community Developed/Trellix HX/README.md b/Community Developed/Trellix HX/README.md
new file mode 100644
index 0000000..2f0be39
--- /dev/null
+++ b/Community Developed/Trellix HX/README.md	
@@ -0,0 +1,18 @@
+# QRadar Workflows for Trellix HX
+IBM QRadar Universal Cloud Connector Workflows for reading Trellix/FireEye HX Alerts and Events through REST API
+
+## Requirements:
+User account to access FireEye HX Controller with api_analyst role
+
+## Workflow information
+- Author Name: Mohamed Al-Shabrawy
+- Maintainer Name: @M-Shabrawy
+- Version: 1.0.5
+- Endpoint Documentation:
+  - - https://fireeye.dev/
+  - - https://fireeye.dev/apis/lighthouse/
+  
+## Event Types Currently Supported by the workflow:
+-   Alerts: Collects non-suppressed alerts known to the system.
+-   Alert Groups: Collects alert_groups.
+-   Process Tracker: Collects Process Tracker module events.