Skip to content


Cylance enables Chronicle to pinpoint when attacks happen and on which assets by linking together alerts with telemetry seen across the environment.

Chronicle Data Types



  1. In the Cylance management portal, go to Settings > Application
  2. In the Integrations section, activate the Syslog/SIEM check box
  3. Under Event Types, activate the check boxes for all events
  4. Select None for SIEM
  5. Select TCP for Protocol
  6. In the IP/Domain and Port fields enter in the syslog endpoint information provided by Cyderes
  7. Select the check box TLS/SSL
  8. Select Alert (1) for the Severity
  9. Select Internal (5) for the Facility
  10. Click Save