CylancePROTECT is an advanced threat protection program that utilizes machine learning and artificial intelligence to categorize files and running processes. Files deemed ‘unsafe’ or ‘abnormal’ are quarantined, while memory exploit attempts are blocked.
Configuring the Connector for CylancePROTECT
To configure Lucidum to ingest data from CylancePROTECT:
- Log in to Lucidum.
- In the left pane, click Connector.
- In the Connector page, click Add Connector.
- Scroll until you find the Connector you want to configure. Click Connect. The Settings page appears.
- In the Settings page, enter the following:
  - URL (required): The URL of the Cylance API, for example, https://protectapi.cylance.com
  - Client ID and Secret (required): Cylance API application ID and secret
  - Tenant ID (required): Cylance tenant ID
  - Verify SSL. For future use.
- To test the configuration, click Test.
  - If the connector is configured correctly, Lucidum displays a list of services that are accessible with the connector.
  - If the connector is not configured correctly, Lucidum displays an error message.