Re: CylancePROTECT App: Fetch device details

kannu · ‎05-13-2019

I have Cylance protect app installed on my Splunk environment, but I don't know how to fetch the details provided below using API that Cylance provided in the Cylance app for Splunk.

• Id
• Name
• Host_name
• OS_version
• State
• Agent_version
• Policy
• Last_logged_in_user
• Update_type
• Update_available
• Background_detection
• Is_safe
• Date_last_modified
• Ip_address
• Mac_address
• Date_first_registered
• Date_offline

If that can be accomplished using API calls , please let me know how to do that.

Thanks,
Manish Kumar

marycordova · ‎05-22-2019

You should be able to turn all the appropriate logging on in the web UI of the Cylance admin console. Check first that all the logging options are turned on there.

@marycordova

kannu · ‎06-07-2019

@marycordova
I will check with my cylance team . and get back to you

kannu · ‎06-24-2019

@marycordova
After enabling all logging , Still i am not able to fetch /search the data for any of the field

Id
• Name
• Host_name
• OS_version
• State
• Agent_version
• Policy
• Last_logged_in_user
• Update_type
• Update_available
• Background_detection
• Is_safe
• Date_last_modified
• Ip_address
• Mac_address
• Date_first_registered
• Date_offline

kannu · ‎05-22-2019

@tonylee

Can you help me here as i can see that add on of the cylance app is created by you .

Thanks
Manish Kumar

CylancePROTECT App: Fetch device details

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation