Cylance enables Chronicle to pinpoint when attacks happen and on which assets by linking alerts with telemetry seen across the environment.
Chronicle Data Types
- In the Cylance management portal, go to Settings > Application.
- In the Integrations section, activate the Syslog/SIEM check box.
- Under Event Types, activate the check boxes for all events.
- Select None for SIEM.
- Select TCP for Protocol.
- In the IP/Domain and Port fields, enter the syslog endpoint information provided by CYDERES.
- Select the TLS/SSL check box.
- Select Alert (1) for the Severity.
- Select Internal (5) for the Facility.
- Click Save.