BlackBerry CylanceOPTICS is an endpoint detection and response product that provides visibility, root cause analysis, scalable threat hunting, and automated threat detection and response.
Once Cylance’s logs are integrated with Blumira, our cloud-delivered platform provides end-to-end automated threat detection, analysis and response with correlated data from across your entire environment.
Required Blumira Module: Cylance
Cylance provides an API that allows for the retrieval of event data into the Blumira platform. If you are using Cylance, please follow this guide to begin ingesting its data.
Before Blumira can retrieve event logs from Cylance, you will first need to obtain credentials to access the Cylance API via your Cylance Console. Cylance calls this adding an “application” or “integration.”
To obtain these credentials, please follow these instructions:
Next, you’ll need to configure your Blumira sensor to connect to the Cylance API, using the credentials you obtained above.
Here’s how to add the Cylance module:
The Add New Module window should close. Back in your sensor detail page view, you should now see the Cylance Module listed in the table of modules.
Within minutes, the module will be operational, and will ingest Cylance logs from the last 12 hours into the Blumira platform. It will then poll Cylance continuously for the latest available logs.