- Using dashboards
- Managing alerts across Cylance Endpoint Security services
- Managing users, devices, and groups
- Manage CylancePROTECT Desktop and CylanceOPTICS devices
- Manage zones
- Manage devices with the CylancePROTECT Mobile app
- Manage CylancePROTECT Mobile app and CylanceGATEWAY users
- View CylanceAVERT user details
- Manage user groups
- Configure device lifecycle management
- View a list of applications installed on CylancePROTECT Desktop devices
- Remove a registered FIDO device for a user account
- Discover unprotected devices
- Managing threats detected by CylancePROTECT Desktop
- Managing threats detected by CylancePROTECT Mobile
- Managing safe and unsafe lists for CylancePROTECT Desktop and CylancePROTECT Mobile
- Add a file to the CylancePROTECT Desktop global quarantine or global safe list
- Add a file to the CylancePROTECT Desktop local quarantine or local safe list
- Add a certificate to the CylancePROTECT Desktop global safe list
- Add an app, certificate, IP address, domain, or installer source to the CylancePROTECT Mobile safe or restricted list
- Analyzing data collected by CylanceOPTICS
- Using CylanceOPTICS to detect and respond to events
- Monitoring network connections with CylanceGATEWAY
- Monitoring sensitive files with CylanceAVERT
- View mobile OS vulnerabilities
- Auditing administrator actions
- Managing logs
- Send events to a SIEM solution or syslog server
- Enable access to the Cylance User API
- Troubleshooting Cylance Endpoint Security
- Using the BlackBerry Support Collection Tool
- Using the Report a problem feature
- Removing the BlackBerry Connectivity Node software from Cylance Endpoint Security
- Troubleshooting CylancePROTECT Desktop
- Remove the CylancePROTECT Desktop agent from a device
- Re-register a Linux agent
- Troubleshoot update, status, and connectivity issues with CylancePROTECT Desktop
- A large number of DYLD Injection violations are reported by Linux devices
- Time zone variances for CylancePROTECT Desktop
- Folder exclusions when using CylancePROTECT Desktop with third-party security products
- Linux driver is not loaded. Upgrade the driver package.
- Troubleshooting CylanceOPTICS
Sample detection rule
See the following topics to understand the format and options for CAE rules:
{ "States": [ { "Name": "TestFile", "Scope": "Global", "Function": "(a)", "FieldOperators": { "a": { "Type": "Contains", "Operands": [ { "Source": "TargetFile", "Data": "Path" }, { "Source": "Literal", "Data": "my_test_file" } ], "OperandType": "String" } }, "ActivationTimeLimit": "-0:00:00.001", "Actions": [ { "Type": "AOI", "ItemName": "InstigatingProcess", "Position": "PostActivation" }, { "Type": "AOI", "ItemName": "TargetProcess", "Position": "PostActivation" }, { "Type": "AOI", "ItemName": "TargetFile", "Position": "PostActivation" } ], "HarvestContributingEvent": true, "Filters": [ { "Type": "Event", "Data": { "Category": "File", "SubCategory": "", "Type": "Create" } } ] } ], "Paths": [ { "StateNames": [ "NewSuspiciousFile", "CertUtilDecode" ] } ], "Tags": [ "CylanceOPTICS" ] }
To review another example of a custom detection rule, see KB66651.