Cylance

Cylance enables Chronicle to pinpoint when attacks happen and on which assets by linking together alerts with telemetry seen across the environment.

Chronicle Data Types

  • Alert

Configuration

  1. In the Cylance management portal, go to Settings > Application.
  2. In the Integrations section, activate the Syslog/SIEM check box.
  3. Under Event Types, activate the check boxes for all events.
  4. Select None for SIEM.
  5. Select TCP for Protocol.
  6. In the IP/Domain and Port fields, enter the syslog endpoint information provided by CYDERES.
  7. Select the check box TLS/SSL.
  8. Select Alert (1) for the Severity.
  9. Select Internal (5) for the Facility.
  10. Click Save.
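
To confirm that forwarded events match steps 8 and 9, the syslog PRI value can be checked on the receiving side: facility 5 and severity 1 encode as `<41>` (facility × 8 + severity). The following is an added example, not code from Cylance, Chronicle or CYDERES; it assumes you can capture the raw bytes after TLS termination and that the sender uses one of the RFC 6587 TCP framings, and the sample messages are constructed.

```python
import re

EXPECTED_FACILITY = 5  # "Internal (5)", step 9
EXPECTED_SEVERITY = 1  # "Alert (1)", step 8

def split_frames(stream: bytes) -> list:
    """Split a TCP syslog byte stream into messages.

    Assumption: the sender uses one of the RFC 6587 framings, either
    octet counting ("LEN SP MSG") or newline-terminated messages.
    """
    frames, pos = [], 0
    while pos < len(stream):
        counted = re.match(rb"([1-9]\d*) ", stream[pos:pos + 12])
        if counted:
            start = pos + counted.end()
            end = start + int(counted.group(1))
        else:
            start = pos
            nl = stream.find(b"\n", pos)
            end = len(stream) if nl == -1 else nl
        if end > start:
            frames.append(stream[start:end])
        pos = end if counted else end + 1
    return frames

def check_frame(frame: bytes) -> tuple:
    """Return (facility, severity, matches_configuration) for one message."""
    m = re.match(rb"<(\d{1,3})>", frame)
    if not m or int(m.group(1)) > 191:  # PRI missing or out of range
        return (None, None, False)
    facility, severity = divmod(int(m.group(1)), 8)  # PRI = facility*8 + severity
    ok = (facility, severity) == (EXPECTED_FACILITY, EXPECTED_SEVERITY)
    return (facility, severity, ok)

def audit(stream: bytes) -> list:
    return [check_frame(f) for f in split_frames(stream)]

# Constructed sample data, not real Cylance output.
_ok = b"<41>1 2024-01-01T00:00:00Z host01 app - - - constructed test event"
SAMPLE_STREAM = (
    str(len(_ok)).encode() + b" " + _ok       # octet-counted, PRI 41
    + b"<14>constructed wrong priority\n"     # facility 1, severity 6
    + b"constructed line without PRI\n"
)

if __name__ == "__main__":
    for result in audit(SAMPLE_STREAM):
        print(result)
```

Any message reported with `False` was sent with a different Severity or Facility setting, or did not arrive as a well-formed syslog frame.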