The Cylance PROTECT Application for Splunk enables security professionals and administrators to monitor for high risk threats in their organization by driving custom searches, reports, and alerts using the Cylance PROTECT and OPTICS EDR data. This application provides the ability for users to monitor, track, and analyze threat data and activity across their environment effectively using pre-set dashboards views and reports for Threat and Device Management. The dashboards, reports, and searches can be further customized and provide drill down capability for all data in order for users to perform in-depth analysis and investigation. The application can be configured with Cylance PROTECT and OPTICS Syslog and/or the Cylance Threat Data Report (TDR). Read the details tab on where to place the app and TA: - Matching TA (for Indexers and Forwarders) found here: https://splunkbase.splunk.com/app/3709/