Package deployment API
CylanceOPTICS users can now interact with a hardened Python interpreter that is present locally on each endpoint that is running CylanceOPTICS v2.3.1000 or later. This new feature allows users to interact with their endpoints in an efficient and technical manner to accomplish tasks on endpoints in an automated fashion. By default, Cylance is supporting 5 capabilities to collect different forensic artifacts from targeted endpoints. These capabilities include:
- Collecting master file table (MFT) artifacts from NTFS volumes.
- Collecting entire Windows registry hives from endpoints.
- Collecting entire Windows event log files from endpoints.
- Collecting web browser history databases from Chrome, Firefox, Internet Explorer, Edge, Opera, and Safari.
- Collecting common application execution records, including Amcache, Prefetch, and Shimcache.
Users can also configure and deploy custom packages to conduct custom, scripted actions against endpoints. This allows customers to upload in-house or third-party scripts and applications to Cylance’s cloud services and deploy them to endpoints. This scripting is done via interacting with the local Python interpreter built into CylanceOPTICS, allowing for an easily extensible set of capabilities.
After packages have been deployed and executed on endpoints, users can automatically upload the resulting data to SMB shares or SFTP servers for centralized collection and analysis by other forensic or incident response tools. Users can also configure packages to store the results locally on the endpoints for retrieval at a later time.
The CylanceOPTICS package deployment supports up to 20 packages for your organization. Each package has a maximum file size of 70 MB. These capabilities and workflows around the package deployment feature are exposed via Cylance’s API.