How to configure Cylance in Splunk Cloud

wredmond0
New Member

Hi all,

I'm currently trying to configure Cylance to point to our Splunk Cloud instance, and getting a bit stuck on actually adding it in.

Within Splunk, I've created an HTTP Event Collector pointing to the index "cylance_protect", using port 8088 (forced by default), with SSL enabled. I've also made sure to enable the token in Global Settings.

I've taken the token supplied by the HTTP Event Collector and have configured Cylance with the settings below:

[screenshot of the Cylance configuration settings, not reproduced here]

When attempting to test the connection in Cylance, I get a failure message. I believe this is due to something being configured incorrectly on either the Splunk side or the Cylance side.

Splunk is not our usual SIEM of choice, so I'm not entirely sure where there might be issues occurring.

Any chance someone has performed this before and can tell me what might be going wrong?

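One way to rule the Splunk side in or out before changing anything in Cylance is to exercise the HEC endpoint directly from a shell. This is an added example, not code from the thread or from Cylance; the host name and token are placeholders supplied by the operator, and the index name and port 8088 are taken from the question.

```shell
#!/bin/sh
# Added example, not code from the thread. Checks a Splunk Cloud HEC endpoint
# directly so the Splunk side can be ruled in or out before touching Cylance.
# Assumed placeholders: SPLUNK_HEC_HOST and SPLUNK_HEC_TOKEN are supplied by the
# operator; the index name and port 8088 are the ones from the question.
SPLUNK_HEC_HOST="${SPLUNK_HEC_HOST:-https://http-inputs-EXAMPLE.splunkcloud.com:8088}"
SPLUNK_HEC_TOKEN="${SPLUNK_HEC_TOKEN:-REPLACE-WITH-HEC-TOKEN}"
HEC_INDEX="cylance_protect"

# Unauthenticated health probe: proves host, port and TLS are reachable.
hec_health() {
  curl -sS "$SPLUNK_HEC_HOST/services/collector/health"
}

# Authenticated test event: proves the token is enabled and may write to the index.
# No -k: a certificate failure here is a real finding, not something to hide.
hec_send_test() {
  curl -sS "$SPLUNK_HEC_HOST/services/collector/event" \
    -H "Authorization: Splunk $SPLUNK_HEC_TOKEN" \
    -d "{\"index\":\"$HEC_INDEX\",\"sourcetype\":\"_json\",\"event\":{\"message\":\"hec connectivity test\"}}"
}

# Turn the numeric "code" field of an HEC JSON reply into a diagnosis.
# Code meanings follow Splunk's documented HEC reply codes.
hec_diagnose() {
  code=$(printf '%s' "$1" | sed -n 's/.*"code":[[:space:]]*\([0-9][0-9]*\).*/\1/p')
  case "$code" in
    0)     echo "ok: event accepted" ;;
    1)     echo "token disabled: enable it under HTTP Event Collector settings" ;;
    2|3|4) echo "auth failure: token missing or wrong (check the Authorization header value)" ;;
    7)     echo "index rejected: token is not allowed to write to $HEC_INDEX" ;;
    17)    echo "ok: HEC endpoint is healthy" ;;
    "")    echo "no HEC code in reply: likely wrong host, port or TLS setup" ;;
    *)     echo "HEC error code $code" ;;
  esac
}

# Only reach the network when explicitly asked (HEC_RUN=1 ./hec_check.sh).
if [ "${HEC_RUN:-0}" = "1" ]; then
  echo "health: $(hec_diagnose "$(hec_health)")"
  echo "event:  $(hec_diagnose "$(hec_send_test)")"
fi
```

If the health probe answers but the test event is rejected, the problem is the token or its index permissions in Splunk; if neither answers, the host, port or TLS path is wrong and no Cylance setting will fix it.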

niemesrw
Path Finder

I don't think Cylance supports HEC as an output at this time. There's an existing enhancement request if you log in to Cylance's support portal. Upvote it and maybe that will help get some traction from their development team.
