To install apps and add-ons from within Splunk Enterprise
  1. Log into Splunk Enterprise.
  2. On the Apps menu, click Manage Apps.
  3. Click Install app from file.
  4. In the Upload app window, click Choose File.
  5. Locate the .tar.gz file you just downloaded, and then click Open or Choose.
  6. Click Upload.
  7. Click Restart Splunk, and then confirm that you want to restart.
To install apps and add-ons directly into Splunk Enterprise
  1. Put the downloaded file in the $SPLUNK_HOME/etc/apps directory.
  2. Untar and ungzip your app or add-on, using a tool like tar -xvf (on *nix) or WinZip (on Windows).
  3. Restart Splunk.
After you install a Splunk app, you will find it on Splunk Home. If you have questions or need more information, see Manage app and add-on objects.


Enosys Add-on for CylancePROTECT

Splunk AppInspect Passed
Admins: Please read about Splunk Enterprise 8.0 and the Python 2.7 end-of-life changes and their impact on apps and upgrades here.
Overview
About Us:
- Enosys Solutions is a technology security specialist with a highly skilled professional services team and 24x7 on-shore security operations centre (SOC) servicing corporate and public sector organisations across Australia, specialising in Security Operations services leveraging Splunk.

Description:
- Enosys created this Technical Add-On to enable CIM-compliant ingestion of logging data from forwarded Cylance Protect logs.

Features:
- This is intended to support field extraction for Splunk Cloud and Enterprise deployments.
- As this is intended for use on Search Heads no binaries are included.
- Efforts have been made to ensure CIM compliance.
- The Enosys Add-on for Cylance Protect works with the expected Cylance Protect log types: threat, device, indicator and event.
- Additional support for syslog ingestion

Attribution:
- Enosys acknowledges the efforts of TonyLeeVT for their work and maintenance of the foundation component 'https://splunkbase.splunk.com/app/3709/'

Release Notes

Version 1.1.2
June 18, 2020

Requirements:

- This Add-on requires the 'CylancePROTECT Add-on for Splunk Enterprise' (https://splunkbase.splunk.com/app/3709/) to be installed on a Heavy Forwarder to retrieve the raw logs via the CylancePROTECT API endpoint.

Installation:

- The Enosys Add-on for Cylance Protect should be installed on Search Heads and Indexers.
- The 'CylancePROTECT Add-on for Splunk Enterprise' (https://splunkbase.splunk.com/app/3709/) should be installed on a Heavy Forwarder.
- The eventtypes stanza 'cylance_index' should be updated to match your named index (if it differs from the default 'cylance_protect').


Addressed Issues:

- Reallocated the tag of 'threat_cleared' log events to malware operations.

Version 1.1.1
May 15, 2020

Requirements:
- This Add-on requires the 'CylancePROTECT Add-on for Splunk Enterprise' (https://splunkbase.splunk.com/app/3709/) to be installed on a Heavy Forwarder or Inputs Data Manager (IDM) to retrieve the raw logs via the CylancePROTECT API endpoint.

Installation:
- The Enosys Add-on for Cylance Protect should be installed on Search Heads and Indexers.
- The 'CylancePROTECT Add-on for Splunk Enterprise' (https://splunkbase.splunk.com/app/3709/) should be installed on a Heavy Forwarder or Inputs Data Manager (IDM).
- The eventtypes stanza 'cylance_index' should be updated to match your named index (if it differs from the default 'cylance_protect').

Addressed Issues:
- Additional support for syslog ingestion

Version 1.0.2
Jan. 15, 2020

Requirements:
- This Add-on requires the 'CylancePROTECT Add-on for Splunk Enterprise' (https://splunkbase.splunk.com/app/3709/) to be installed on a Heavy Forwarder or Inputs Data Manager (IDM) to retrieve the raw logs via the CylancePROTECT API endpoint.

Installation:
- The Enosys Add-on for Cylance Protect should be installed on Search Heads and Indexers.
- The 'CylancePROTECT Add-on for Splunk Enterprise' (https://splunkbase.splunk.com/app/3709/) should be installed on a Heavy Forwarder or Inputs Data Manager (IDM).
- The eventtypes stanza 'cylance_index' should be updated to match your named index (if it differs from the default 'cylance_protect').

Addressed Issues:
- An issue with renamed Cylance sourcetypes at search time has been fixed.

Version 1.0.1
Jan. 6, 2020

Requirements:
- This Add-on requires the 'CylancePROTECT Add-on for Splunk Enterprise' (https://splunkbase.splunk.com/app/3709/) to be installed on a Heavy Forwarder or Inputs Data Manager (IDM) to retrieve the raw logs via the CylancePROTECT API endpoint.

Installation:
- The Enosys Add-on for Cylance Protect should be installed on Search Heads and Indexers.
- The 'CylancePROTECT Add-on for Splunk Enterprise' (https://splunkbase.splunk.com/app/3709/) should be installed on a Heavy Forwarder or Inputs Data Manager (IDM).
- The eventtypes stanza 'cylance_index' should be updated to match your named index (if it differs from the default 'cylance_protect').

Version 1.0.0
Jan. 2, 2020

Requirements:
- This Add-on requires the 'CylancePROTECT Add-on for Splunk Enterprise' (https://splunkbase.splunk.com/app/3709/) to be installed on a Heavy Forwarder or Inputs Data Manager (IDM) to retrieve the raw logs via the CylancePROTECT API endpoint.

Installation:
- The Enosys Add-on for Cylance Protect should be installed on Search Heads and Indexers.
- The 'CylancePROTECT Add-on for Splunk Enterprise' (https://splunkbase.splunk.com/app/3709/) should be installed on a Heavy Forwarder or Inputs Data Manager (IDM).
- The eventtypes stanza 'cylance_index' should be updated to match your named index (if it differs from the default 'cylance_protect').

12 Installs, 79 Downloads
