Cylance Monitoring

Updated Jan 17, 2024

Configure Cylance for Arctic Wolf monitoring

You can configure Cylance® to send the necessary logs to Arctic Wolf® for security monitoring.

Note: Arctic Wolf currently supports the CylancePROTECT and CylanceOPTICS products, and integrates with the Threats, Detection, and MemoryProtection API endpoints.

Requirements

Steps

  1. Create an API application.
  2. Provide your Cylance credentials to Arctic Wolf.

Step 1: Create an API application

  1. Sign in to the Cylance console with administrator permissions.

  2. Click Settings > Integrations.

  3. Click Add Application.

  4. In the Application Name field, enter a name for the application.

  5. For each PRIVILEGE, select the READ checkbox.

  6. Click Save.

    A dialog opens that displays the Application ID and the Application Secret.

  7. Copy the Application ID and the Application Secret values, and then save them in a safe, encrypted location. You will provide them to Arctic Wolf later.

  8. Click OK.

  9. Click Settings > Integrations.

  10. Copy the Tenant ID, and then save it in a safe, encrypted location. You will provide it to Arctic Wolf later.

Step 2: Provide your Cylance credentials to Arctic Wolf

Note: If API credentials fail, for example due to expired credentials, Arctic Wolf notifies you and requests a new set of credentials. After receiving refreshed credentials, Arctic Wolf can only retrieve data from the previous 12 hours. Provide refreshed credentials within 12 hours of expiry to enable complete data polling and coverage. For more information, see MDR polling frequency.

  1. Sign in to the Arctic Wolf Unified Portal.

  2. Click Telemetry Management > Connected Accounts.

  3. Click Add Account +.

  4. On the Add Account page, in the Account Type list, select Cloud Detection and Response.

  5. In the Cloud Services list, select Cylance.

  6. On the Add Account page, configure these settings:

    • Account Name — Enter a unique and descriptive name for the account.

    • Tenant ID — Enter the tenant ID from Create an API application.

    • Application ID — Enter the application ID from Create an API application.

    • Application Secret — Enter the application secret from Create an API application.

    • API Hostname — Select a service endpoint for your location.

    • Credential Expiry — (Optional) Enter the credential expiration date, if applicable.

  7. Click Test and submit credentials.

    After your Concierge Security® Team (CST) enables security monitoring for this account, the connected account status changes to Healthy.
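The following script is an added example, not code from Arctic Wolf or Cylance. It lets you verify, before handing the values from Step 1 to Arctic Wolf, that the Tenant ID, Application ID and Application Secret actually authenticate against the regional API hostname you intend to select in Step 2, and that the read-only privileges are sufficient to list threats. It assumes the Cylance User API token flow (a short-lived HS256 JWT carrying `iss`, `sub`, `tid`, `jti`, `iat` and `exp` claims, POSTed as `auth_token` to `/auth/v2/token`), the hostnames in `API_HOSTNAMES`, and the `/threats/v2` listing endpoint; all of these come from the Cylance API documentation as remembered here and are not stated on this page, so confirm them against the current API guide. The JWT is built by hand with the standard library so nothing has to be installed.

```python
"""Pre-flight check for Cylance API credentials (added example, not vendor code).

Assumed Cylance User API behaviour: a JWT signed with the Application Secret
(HS256) is exchanged at /auth/v2/token for a bearer access token, which is
then accepted by the Threats endpoint. Verify these assumptions against the
current Cylance API guide before relying on this script.
"""
import base64
import hashlib
import hmac
import json
import os
import sys
import time
import urllib.request
import uuid

# Assumed regional hostnames; pick the one matching "API Hostname" in Step 2.
API_HOSTNAMES = {
    "na": "https://protectapi.cylance.com",
    "eu": "https://protectapi-euc1.cylance.com",
}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def build_auth_jwt(tenant_id, app_id, app_secret, now=None, lifetime_s=600):
    """Mint the short-lived HS256 JWT the Cylance token endpoint expects (assumed claim set)."""
    now = int(time.time()) if now is None else int(now)
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {
        "iss": "http://cylance.com",   # assumed fixed issuer value from the API guide
        "sub": app_id,                 # Application ID from Step 1
        "tid": tenant_id,              # Tenant ID from Step 1
        "jti": str(uuid.uuid4()),      # unique per request; replay protection
        "iat": now,
        "exp": now + lifetime_s,       # keep the window short; the secret never leaves this host
    }
    compact = lambda obj: json.dumps(obj, separators=(",", ":")).encode()
    signing_input = _b64url(compact(header)) + "." + _b64url(compact(claims))
    signature = hmac.new(app_secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(signature)


def verify_auth_jwt(token, app_secret):
    """Recompute the HMAC over header.payload and parse the claims. Returns (is_valid, claims)."""
    head, body, sig = token.split(".")
    expected = hmac.new(app_secret.encode(), f"{head}.{body}".encode(), hashlib.sha256).digest()
    is_valid = hmac.compare_digest(expected, _b64url_decode(sig))
    return is_valid, json.loads(_b64url_decode(body))


def request_access_token(region, tenant_id, app_id, app_secret, timeout=15):
    """Exchange the signed JWT for a bearer token (network call; endpoint path assumed)."""
    url = API_HOSTNAMES[region] + "/auth/v2/token"
    body = json.dumps({"auth_token": build_auth_jwt(tenant_id, app_id, app_secret)}).encode()
    req = urllib.request.Request(url, data=body, method="POST",
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)["access_token"]


def check_read_access(region, access_token, timeout=15):
    """Confirm READ privilege works by listing one threat (assumed /threats/v2 endpoint)."""
    url = API_HOSTNAMES[region] + "/threats/v2?page=1&page_size=1"
    req = urllib.request.Request(url, headers={"Authorization": "Bearer " + access_token})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status == 200


if __name__ == "__main__":
    # Credentials are read from the environment so they never land in shell history or logs.
    cfg = {k: os.environ.get("CYLANCE_" + k) for k in ("REGION", "TENANT_ID", "APP_ID", "APP_SECRET")}
    if not all(cfg.values()):
        sys.exit("set CYLANCE_REGION, CYLANCE_TENANT_ID, CYLANCE_APP_ID, CYLANCE_APP_SECRET")
    token = request_access_token(cfg["REGION"], cfg["TENANT_ID"], cfg["APP_ID"], cfg["APP_SECRET"])
    # Print only the outcome, never the token or secret.
    print("token obtained; read access:", check_read_access(cfg["REGION"], token))
```

Run it once from a host where the secret is already stored encrypted, with the four environment variables set; a 401 from the token endpoint means the ID/secret/tenant trio or the region is wrong, and a 401/403 from the threats listing means the READ privileges from Step 1 were not all granted. Because the Application Secret signs every JWT, the same script shows why the Credential Expiry field matters: once the secret is rotated or expires, Arctic Wolf's polling stops at the token step, and the 12-hour window in the note above starts counting.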