Connecting Cylance Protect

Welcome Forums Integrations Connecting Cylance Protect

  • This topic is empty.
Viewing 1 post (of 1 total)
  • Author
    Posts
  • #2901
    Mike RiforgiateMike Riforgiate
    Keymaster

    Cylance Console

    • Log in to the Cylance Console as an administrator. Only administrators can create an application integration.
    • Select Settings >  Integrations.
    • Click Add Application.
    • Type an Application Name. This must be unique within your organization.
    • Select the access privileges for a Console data type. Not selecting any checkboxes for a data type means the application does not have access to that data type.
      • Select “READ” access
    • Click Save
      • Make note of the Application ID and Application Secret

     

    Precinct Configuration

    • Go to Admin > SOAR > Cylance Protect > Config
    • Click the checkbox for Enable the Cylance Protect Integration
    • Paste the Application ID, Application Secret, and Tenant ID
    • Click the disk icon (Save)
    • Click Jobs and go to Artifacts from Cylance.
    • Select Triggers, expanding Manual Trigger and Interval Trigger. 
      • Toggle both to State: ENABLED
    • The Interval Trigger is set to 2 hours by default, but you can update it to what best suits your organization. (Recommended: 10 minutes)
    • Click the disk icon (Save)
    • It can take up to 24 hours for “Cylance” to be listed as an Artifact Source under Report > Tool Effectiveness > Artifact Source Types

     

    Cylance API Doc

Viewing 1 post (of 1 total)
  • You must be logged in to reply to this topic.