Configure Aurora Endpoint Defense for Arctic Wolf monitoring

You can configure Aurora Endpoint Defense® (formerly known as the CylancePROTECT and CylanceOPTICS products) to send the necessary logs to Arctic Wolf® for security monitoring.

Note: If you have multiple tenants, you must complete these steps for each tenant. Do not reuse a webhook token or URL across tenants.

These resources are required:

  • An Aurora Endpoint Defense license
  • Administrator access to the Aurora Endpoint Defense dashboard

Get the webhook token and URL

  1. Sign in to the Arctic Wolf Unified Portal.
  2. In the navigation menu, click Data Collection > Cloud Sensors.
  3. Click Add Account +.
  4. On the Add Account page, click Aurora Endpoint Defense.
  5. In the Name field, enter a unique and descriptive name for the account.
  6. Click Generate Token.
  7. Copy the webhook token and webhook URL to a safe, encrypted location. You enter these values in Create a new connector to integrate data.
    Note: If you lose the webhook token, you must generate a new one. For more information, see Generate a new webhook token.

Create a new connector to integrate data

  1. Sign in to the Aurora Endpoint Defense dashboard (formerly CylancePROTECT).
  2. Click > Connectors.
  3. Click + Add Connector, and then select Arctic Wolf MDR from the list.
  4. On the Arctic Wolf MDR Configuration page, enter the webhook URL and token from Get the webhook token and URL.
  5. Click Save.