Cylance Collector Plugin - 5thColumn/Revolver-wiki-archive GitHub Wiki

Description

This plugin will gather all events from your endpoints that are protected by Cylance and deliver them to BOSS.

Configuration Instructions

Log in to the Cylance web console as an administrator.
Select Settings, then Integrations.
Click "Add Application".
Enter an application name. This must be a unique name.
Select all available READ access privileges for each console data type.
Click Save. The credentials you will need will be displayed.
Copy and paste the Application ID, Application Secret, and Tenant ID into a text editor.
Log into your Revolver instance and navigate to Manage Plugins.
Select the arrow next to Cylance Collector to expand the section and enter the keys (from Step 7) into their respective fields.
Click Configure.
You will receive a notification that the plugin is in the process of being configured. After a few moments, you will receive a second notification that the plugin has been configured and is ready for use. Note: If the second notification indicates there was an error configuring the plugin, select Configure again. It should succeed this time. If it does not, contact the 5thColumn support team.

Release Notes

Current Version: 1.0