This app is archived. App archiving documentation

CylancePROTECT App for Splunk

The Cylance PROTECT Application for Splunk enables security professionals and administrators to monitor for high risk threats in their organization by driving custom searches, reports, and alerts using the Cylance PROTECT and OPTICS EDR data. This application provides the ability for users to monitor, track, and analyze threat data and activity across their environment effectively using pre-set dashboards views and reports for Threat and Device Management. The dashboards, reports, and searches can be further customized and provide drill down capability for all data in order for users to perform in-depth analysis and investigation. The application can be configured with Cylance PROTECT and OPTICS Syslog and/or the Cylance Threat Data Report (TDR).

Built by

Latest Version 1.6.0

April 5, 2021

Compatibility

Splunk Enterprise

Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3, 7.2

CIM Version: 4.x, 3.x

Rating

0

(0)

Log in to rate this app

Support

Not Supported

The Cylance PROTECT Application for Splunk enables security professionals and administrators to monitor for high risk threats in their organization by driving custom searches, reports, and alerts using the Cylance PROTECT and OPTICS EDR data. This application provides the ability for users to monitor, track, and analyze threat data and activity across their environment effectively using pre-set dashboards views and reports for Threat and Device Management. The dashboards, reports, and searches can be further customized and provide drill down capability for all data in order for users to perform in-depth analysis and investigation. The application can be configured with Cylance PROTECT and OPTICS Syslog and/or the Cylance Threat Data Report (TDR). Read the details tab on where to place the app and TA: - Matching TA (for Indexers and Forwarders) found here: https://splunkbase.splunk.com/app/3709/