- Using dashboards
- Managing alerts across Cylance Endpoint Security services
- Managing users, devices, and groups
- Manage CylancePROTECT Desktop and CylanceOPTICS devices
- Manage zones
- Manage devices with the CylancePROTECT Mobile app
- Manage CylancePROTECT Mobile app and CylanceGATEWAY users
- View CylanceAVERT user details
- Manage user groups
- Configure device lifecycle management
- View a list of applications installed on CylancePROTECT Desktop devices
- Remove a registered FIDO device for a user account
- Discover unprotected devices
- Managing threats detected by CylancePROTECT Desktop
- Managing threats detected by CylancePROTECT Mobile
- Managing safe and unsafe lists for CylancePROTECT Desktop and CylancePROTECT Mobile
- Add a file to the CylancePROTECT Desktop global quarantine or global safe list
- Add a file to the CylancePROTECT Desktop local quarantine or local safe list
- Add a certificate to the CylancePROTECT Desktop global safe list
- Add an app, certificate, IP address, domain, or installer source to the CylancePROTECT Mobile safe or restricted list
- Analyzing data collected by CylanceOPTICS
- Using CylanceOPTICS to detect and respond to events
- Monitoring network connections with CylanceGATEWAY
- Monitoring sensitive files with CylanceAVERT
- View mobile OS vulnerabilities
- Auditing administrator actions
- Managing logs
- Send events to a SIEM solution or syslog server
- Enable access to the Cylance User API
- Troubleshooting Cylance Endpoint Security
- Using the BlackBerry Support Collection Tool
- Using the Report a problem feature
- Removing the BlackBerry Connectivity Node software from Cylance Endpoint Security
- Troubleshooting CylancePROTECT Desktop
- Remove the CylancePROTECT Desktop agent from a device
- Re-register a Linux agent
- Troubleshoot update, status, and connectivity issues with CylancePROTECT Desktop
- A large number of DYLD Injection violations are reported by Linux devices
- Time zone variances for CylancePROTECT Desktop
- Folder exclusions when using CylancePROTECT Desktop with third-party security products
- Linux driver is not loaded. Upgrade the driver package.
- Troubleshooting CylanceOPTICS
Sample CylanceOPTICS EQL queries
CylanceOPTICS
EQL queriesQuery DNS lookups for a specified URL:
network where dns.questions.question_name == "<URL>"
Query a specified WMI namespace:
application where event.subcategory == "wmi" and wmi_trace.namespace == "<namespace>"
Query files with any of the specified SHA256 values:
file where file.sha256 in ("<value>", "<value>", "<value>")
Query processes with the specified process name:
process where process.name == "<name>"
Query processes where the command line contains a specified string:
process where process.command_line like "<string>"
Query information about network connections to a specified IP address on a specified port:
network where network.destination.ip_address == "<IP>" and network.destination.port == "<port>"