Cylance

Cylance enables Chronicle to pinpoint when attacks happen and on which assets by linking together alerts with telemetry seen across the environment.

Chronicle Data Types

  • CYLANCE_PROTECT

Configuration

  1. In the Cylance management portal, go to Settings > Application
  2. In the Integrations section, activate the Syslog/SIEM check box
  3. Under Event Types, activate the check boxes for all events
  4. Select None for SIEM
  5. Select TCP for Protocol
  6. In the IP/Domain and Port fields, enter the syslog endpoint information provided by Cyderes
  7. Select the TLS/SSL check box
  8. Select Alert (1) for the Severity
  9. Select Internal (5) for the Facility
  10. Click Save
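
A receiver-side check for the Severity and Facility values chosen above, added here as an example and not taken from Cylance, Chronicle or Cyderes. It assumes each forwarded message begins with a standard syslog `<PRI>` header (PRI = facility × 8 + severity, so Internal (5) with Alert (1) gives `<41>`); the sample lines are constructed placeholders, not real Cylance output.

```python
import re

# Values selected in the steps above: Facility Internal (5), Severity Alert (1).
EXPECTED_FACILITY = 5
EXPECTED_SEVERITY = 1

_PRI_RE = re.compile(r"^<(\d{1,3})>")


def decode_pri(line):
    """Return (facility, severity) from a syslog <PRI> header, or None if invalid."""
    match = _PRI_RE.match(line)
    if not match:
        return None
    pri = int(match.group(1))
    if pri > 191:  # highest valid PRI is facility 23, severity 7
        return None
    return divmod(pri, 8)


def check_lines(lines):
    """Return (line_number, reason) for every line that does not match the settings."""
    problems = []
    for number, line in enumerate(lines, 1):
        decoded = decode_pri(line)
        if decoded is None:
            problems.append((number, "missing or invalid <PRI> header"))
        elif decoded != (EXPECTED_FACILITY, EXPECTED_SEVERITY):
            problems.append((number, "facility %d severity %d, expected %d/%d"
                             % (decoded + (EXPECTED_FACILITY, EXPECTED_SEVERITY))))
    return problems


# Constructed sample lines; the bodies are placeholders.
SAMPLE = [
    "<41>constructed message body A",   # facility 5, severity 1: matches
    "<14>constructed message body B",   # facility 1, severity 6: wrong settings
    "constructed message body C",       # no header, e.g. a different sender
    "<999>constructed message body D",  # out-of-range PRI
]

if __name__ == "__main__":
    for number, reason in check_lines(SAMPLE):
        print("line %d: %s" % (number, reason))
```

Lines flagged by this check usually point to a Severity or Facility selection that differs from steps 8 and 9, or to another device sending to the same endpoint.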