Re: CylancePROTECT App: Fetch device details

kannu · ‎05-13-2019

I have Cylance protect app installed on my Splunk environment, but I don't know how to fetch the details provided below using API that Cylance provided in the Cylance app for Splunk.

• Id
• Name
• Host_name
• OS_version
• State
• Agent_version
• Policy
• Last_logged_in_user
• Update_type
• Update_available
• Background_detection
• Is_safe
• Date_last_modified
• Ip_address
• Mac_address
• Date_first_registered
• Date_offline

If that can be accomplished using API calls , please let me know how to do that.

Thanks,
Manish Kumar

marycordova · ‎05-22-2019

You should be able to turn all the appropriate logging on in the web UI of the Cylance admin console. Check first that all the logging options are turned on there.

@marycordova

kannu · ‎06-07-2019

@marycordova
I will check with my cylance team . and get back to you

kannu · ‎06-24-2019

@marycordova
After enabling all logging , Still i am not able to fetch /search the data for any of the field

Id
• Name
• Host_name
• OS_version
• State
• Agent_version
• Policy
• Last_logged_in_user
• Update_type
• Update_available
• Background_detection
• Is_safe
• Date_last_modified
• Ip_address
• Mac_address
• Date_first_registered
• Date_offline

kannu · ‎05-22-2019

@tonylee

Can you help me here as i can see that add on of the cylance app is created by you .

Thanks
Manish Kumar

CylancePROTECT App: Fetch device details

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you a member of the Splunk Community?

CylancePROTECT App: Fetch device details

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem