The CylancePROTECT App for Splunk

The CylancePROTECT® App for Splunk makes real-time threat monitoring and analysis easy. We’ve combined the math-based capabilities of CylancePROTECT with the power of Splunk to provide you with all the tools you need to closely monitor and analyze threat data and malicious activity across your organization, in order to help secure your endpoints.

In this technical demonstration video, Tony Lee, Senior Technical Director of Professional Services at Cylance, demonstrates the freely available CylancePROTECT App for Splunk. This joint Cylance/Splunk integration provides both a high-level overview for executives and the details analysts need to investigate an incident.

We’ll walk you through the data feeds, dashboards, and workflows to show the value of enabling this capability within your organization.

Today, we’d like to show you the CylancePROTECT app for Splunk. You begin by downloading our free application from the app manager within Splunk, or directly from Splunkbase. When visiting our download page on Splunkbase, you will find an overview of the application, which includes a description, versioning information, and a link to our related technology add-on.

Clicking on the details tab provides high-level installation instructions, as well as a link to our detailed installation and configuration guide (Note: Cylance account creation required to view). This detailed guide covers requirements, installation, configuration of multiple data sources, and uninstallation if that proves necessary at any point, as well as troubleshooting steps and contact information in case you need more support.

Here’s an example of content showing the configuration of real-time Syslog alerts. After the Cylance Splunk app is downloaded and configured to receive data, you will notice that the application has been designed for both managers and responding analysts. Managers can review the heads-up dashboards that provide statistical visibility across ...

*** This is a Security Bloggers Network syndicated blog from Cylance Blog authored by Cylance Videos.