
Using CylancePROTECT Desktop reports

On the menu bar, you can click Reports to view the following CylancePROTECT Desktop reports. The reports are interactive, allowing you to select pieces of data to view further details.

| Report | Description |
| --- | --- |
| CylancePROTECT overview | This report provides an executive summary of CylancePROTECT Desktop usage, including a count of zones and devices, the percentage of devices covered by auto-quarantine and memory protection, and summaries of threat events, memory violations, agent versions, and an offline count for CylancePROTECT Desktop devices. |
| Threat event summary | This report shows the number of files identified as malware or potentially unwanted programs (PUPs) and includes a breakdown of specific sub-categories. The top ten lists for file owners and devices with threats display threat event counts for the malware, PUPs, and dual-use threat families. |
| Device summary | This report displays summary data for CylancePROTECT Desktop devices. |
| Threat events | This report provides detailed data for threat events identified by the CylancePROTECT Desktop agent. |
| Devices | This report displays a count of CylancePROTECT Desktop devices by OS. |
Reports display threats in an event-based manner. An event represents an individual instance of a threat. For example, if a particular file is in three different folder locations on a device, the threat event count will equal three. Reporting data is refreshed approximately every three minutes. You can export the CylancePROTECT overview, threat event summary, and device summary reports as a .png file, and the threat events and devices reports as a .csv file.
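
To make the event-based counting concrete, the following added example (not part of the product documentation) reconciles event counts with distinct files per device from a threat-events-style CSV. The column names, device names, hash values, and rows are constructed for illustration and are assumptions, not the console's actual export schema.

```python
import csv
import io
from collections import defaultdict

# Constructed sample data. Column names and values are assumptions for this
# example only; map them to the headers in your own exported .csv file.
SAMPLE_CSV = r"""device,sha256,path,classification
WS-01,aaa111,C:\Users\a\Downloads\tool.exe,Malware
WS-01,aaa111,C:\Temp\tool.exe,Malware
WS-01,aaa111,D:\Backup\tool.exe,Malware
WS-01,bbb222,C:\Users\a\Downloads\bar.exe,PUP
WS-02,aaa111,C:\Temp\tool.exe,Malware
"""


def summarize(csv_text):
    """Per device: event count (one per row), distinct files (by hash),
    and the files that appear in more than one location."""
    events = defaultdict(int)
    paths = defaultdict(lambda: defaultdict(set))  # device -> hash -> paths
    for row in csv.DictReader(io.StringIO(csv_text)):
        device = (row.get("device") or "").strip()
        digest = (row.get("sha256") or "").strip().lower()
        if not device or not digest:
            continue  # skip incomplete rows rather than miscount them
        events[device] += 1
        paths[device][digest].add((row.get("path") or "").strip())
    return {
        device: {
            "events": events[device],
            "distinct_files": len(by_hash),
            "multi_location": {
                h: sorted(p) for h, p in by_hash.items() if len(p) > 1
            },
        }
        for device, by_hash in paths.items()
    }


if __name__ == "__main__":
    for device, info in sorted(summarize(SAMPLE_CSV).items()):
        print(device, info["events"], "events,",
              info["distinct_files"], "distinct files")
        for digest, locations in info["multi_location"].items():
            print("  ", digest, "found in", len(locations), "locations")
```

A device whose event count is much higher than its distinct file count usually has the same file copied to several folders, which affects how you scope cleanup but not how many unique threats were found.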

Retrieving threat data reports with a third-party application

You can also access and download detailed threat data reports using the URLs listed in the Threat Data Report section in Settings > Application. The URLs use a unique token that is generated by the management console and displayed in Settings > Application. You can delete and regenerate the token as necessary. Note that regenerating the token will make previous tokens invalid. If you want to use a third-party application to retrieve reports from these URLs, the application and the host OS must use: