How to configure Cylance in Splunk Cloud

wredmond0
New Member

Hi all,

I'm currently trying to configure Cylance to point to our Splunk Cloud instance, and getting a bit stuck on actually adding it in.

Within Splunk, I've created an HTTP Event Collector, pointing to the index "cylance_protect", using port 8088 (forced by default), with SSL enabled. I've also made sure to enable the token in Global Settings.

I've taken the tokens supplied through the HTTP Event Collector, and have configured Cylance with the below settings:

(screenshot of the Cylance settings not preserved)

When attempting to test the connection in Cylance, I get a failure message. I believe this is due to having been configured incorrectly on either the Splunk side, or the Cylance side.

Splunk is not our usual SIEM of choice, so I'm not entirely sure where there might be issues occurring.

Any chance someone has performed this before and can tell me what might be going wrong?

0 Karma
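Before blaming either product, it helps to prove the HEC endpoint works on its own. The script below is an added example, not part of this thread and not Cylance or Splunk code: it posts one constructed test event to the collector with curl and translates the documented HEC response codes into the setting that usually needs attention. SPLUNK_HEC_URL and SPLUNK_HEC_TOKEN are placeholder environment variables you set yourself; the index name and sourcetype are assumptions based on the question.

```shell
#!/bin/sh
# Added diagnostic for a Splunk HEC endpoint (not from the original thread).
# Assumes: SPLUNK_HEC_URL  = scheme://host:port of the collector (placeholder)
#          SPLUNK_HEC_TOKEN = the token shown under Data Inputs > HTTP Event Collector (placeholder)
# HEC_CURL_OPTS may carry extra curl flags, e.g. --cacert for a private CA; use -k only
# to confirm a certificate problem, never as the permanent setting.
set -u

# Build the JSON body HEC expects: index, sourcetype and the event itself.
# The message is constructed here and must not contain unescaped double quotes.
hec_payload() {
    index="$1"
    sourcetype="$2"
    message="$3"
    printf '{"index":"%s","sourcetype":"%s","event":"%s"}' "$index" "$sourcetype" "$message"
}

# Pull the numeric "code" out of a HEC reply such as {"text":"Success","code":0}.
hec_code() {
    printf '%s' "$1" | sed -n 's/.*"code":[[:space:]]*\([0-9][0-9]*\).*/\1/p'
}

# Map the documented HEC response codes to the setting that normally needs fixing.
hec_diagnose() {
    case "$(hec_code "$1")" in
        0)     echo "ok: HEC accepted the event" ;;
        1)     echo "token disabled: enable the token under Data Inputs > HTTP Event Collector" ;;
        2|3|4) echo "auth failed: the Authorization header is missing or the token value is wrong" ;;
        5|6)   echo "bad body: no data sent, or the JSON event is malformed" ;;
        7)     echo "bad index: the index in the event is not allowed for this token" ;;
        *)     echo "unrecognised reply: $1" ;;
    esac
}

# Send one test event to the collector and print a diagnosis of the reply.
# Usage: SPLUNK_HEC_URL=https://host:8088 SPLUNK_HEC_TOKEN=... hec_test cylance_protect
hec_test() {
    index="${1:-cylance_protect}"
    body=$(hec_payload "$index" "cylance:protect" "hec connectivity check")
    # shellcheck disable=SC2086  # HEC_CURL_OPTS is meant to be word-split
    reply=$(curl -sS ${HEC_CURL_OPTS:-} \
        -H "Authorization: Splunk ${SPLUNK_HEC_TOKEN}" \
        -d "$body" \
        "${SPLUNK_HEC_URL}/services/collector/event") || return 1
    hec_diagnose "$reply"
}
```

If `hec_test` reports `ok` but the Cylance test still fails, the problem is on the Cylance side or in the URL Cylance is given; if it reports an auth or index failure, the token or its allowed indexes need fixing in Splunk first. Also confirm the URL you give Cylance is the HEC endpoint Splunk Cloud documents for your stack, which is not the same host as the search-head web interface.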

niemesrw
Path Finder

I don't think Cylance supports HEC as an output at this time. There's an existing enhancement request if you log in to Cylance's support portal. Upvote it and maybe that will help get some traction from their development team.

0 Karma