CylancePROTECT
Version: CylancePROTECT
CylancePROTECT is an integrated threat prevention solution that combines the power of artificial intelligence (AI) to block malware infections with additional security controls that safeguard against script-based, file less, memory, and external device based attacks.
Netsurion Open XDR can generate flex reports, trigger alerts for user logon activity, configuration changes, device activity, exploitation attempt and threat detection.
Netsurion Data Source Integration for CylancePROTECT allows you to monitor the following components:
- Security – Threat detection, script execution and exploitation attempt.
- Operation – Configuration changes and device activities.
- Compliance – User logon success.
Once CylancePROTECT is configured to deliver events to Netsurion Open XDR Manager; alerts, dashboards and reports can be configured into Netsurion Open XDR.
The following are the key Data Source Integration available in Netsurion Open XDR.
Alerts
| Type | Name | Description |
|---|---|---|
| Security | Cylance – Threat detection | This category provides information related to threats detected on agent systems. |
| Security | Cylance – Exploitation attempt | This category provides information related to memory exploitations detected on agent systems. |
| Security | Cylance – Script execution | This category provides information related to scripts executed by users. |
| Compliance | Cylance – User logon succeeded | This alert will be generated when a successful user logon happens. |
Reports
| Type | Name | Description |
|---|---|---|
| Security | Cylance – Threat detection | This report gives the information about all the threats detected by CylancePROTECT. |
| Security | Cylance – Exploitation attempt | This report gives information about memory exploitations detected by CylancePROTECT. |
| Security | Cylance – Script execution | This report gives information about scripts executed by the users. |
| Operations | Cylance – Configuration changes | This report gives the information about device configuration changes done by users. |
| Operations | Cylance – Device activities | This report gives information about device activity in agent systems. |
| Compliance | Cylance – User logon | This report gives information about successful user logon. |
Documentation
The configuration details are consistent with Netsurion Open XDR 8.x and later, and CylancePROTECT.
Download Integration Guide for configuration instructions and more information.