Create a package playbook to respond to events
When a security incident occurs on a device, you can minimize your response time by creating a package playbook. A package playbook allows you to automate the execution of refract packages when an event triggers a Context Analysis Engine (CAE) rule that you have configured in a detection rule set.
Package playbooks support Python refract packages only. You can use out-of-the-box refract packages that are available in the management console, or you can add your own custom refract packages. The contents of a package playbook are stored on the device, so they can be executed even if the device is offline. You can create a maximum of 100 package playbooks.
- If desired, create a Python refract package that can execute on a device when a detection rule is triggered. For more information about creating a custom package, visit support.blackberry.com/community to read article 66563.
- If you create your own package, you must upload it to the management console. In the console, go to CylanceOPTICS > Configurations > Packages, then click Upload file.
- In the management console, on the menu bar, click CylanceOPTICS > Configurations, then click the Playbooks tab.
- Click Create Playbook. If you want to clone an existing package playbook, filter the list of playbooks to the desired playbook and click .
- Type a name and description.
- In the Collection Type drop-down list, click the location where you want to store the data that the package will collect.
  - Local saves the data at the indicated path on the device.
  - If you select SFTP, SMB, or S3, specify the required information.
- Click Next.
- In the Package drop-down list, click a package that you want to include in the package playbook. If necessary, specify optional command line arguments.
- Click Add Another Package to add additional packages. You can add a maximum of 20 packages to a package playbook.
- Click Save.
On the menu bar, click CylanceOPTICS > Configurations > Rule Sets. Edit a detection rule set and assign the package playbook to the desired rules. Click Confirm. You can associate up to 10 package playbooks to each detection rule.