- Using dashboards
- Managing alerts across Cylance Endpoint Security services
- Managing users, devices, and groups
- Manage CylancePROTECT Desktop and CylanceOPTICS devices
- Manage zones
- Manage devices with the CylancePROTECT Mobile app
- Manage CylancePROTECT Mobile app and CylanceGATEWAY users
- View CylanceAVERT user details
- Manage user groups
- Configure device lifecycle management
- View a list of applications installed on CylancePROTECT Desktop devices
- Remove a registered FIDO device for a user account
- Discover unprotected devices
- Managing threats detected by CylancePROTECT Desktop
- Managing safe and unsafe lists for CylancePROTECT Desktop and CylancePROTECT Mobile
- Add a file to the CylancePROTECT Desktop global quarantine or global safe list
- Add a file to the CylancePROTECT Desktop local quarantine or local safe list
- Add a certificate to the CylancePROTECT Desktop global safe list
- Add an app, certificate, IP address, domain, or installer source to the CylancePROTECT Mobile safe or restricted list
- Analyzing data collected by CylanceOPTICS
- Using CylanceOPTICS to detect and respond to events
- Auditing administrator actions
- Managing logs
- Send events to a SIEM solution or syslog server
- Enable access to the Cylance User API
- Troubleshooting Cylance Endpoint Security
- Using the BlackBerry Support Collection Tool
- Using the Report a problem feature
- Removing the BlackBerry Connectivity Node software from Cylance Endpoint Security
- Troubleshooting CylancePROTECT Desktop
- Remove the CylancePROTECT Desktop agent from a device
- Re-register a Linux agent
- Troubleshoot update, status, and connectivity issues with CylancePROTECT Desktop
- A large number of DYLD Injection violations are reported by Linux devices
- Time zone variances for CylancePROTECT Desktop
- Folder exclusions when using CylancePROTECT Desktop with third-party security products
- Linux driver is not loaded. Upgrade the driver package.
- Troubleshooting CylanceOPTICS
- Managing threats detected by CylancePROTECT Mobile
- View mobile OS vulnerabilities
- Monitoring network connections with CylanceGATEWAY
- Monitoring sensitive files with CylanceAVERT
View CylanceAVERT event details
CylanceAVERT
event detailsWhen a data exfiltration event occurs, the details of the event will be listed on the
CylanceAVERT
events page. You can click on the row for each event to display further details about the exfiltration event, including the number of sensitive data types involved in the event, a snippet of the event, and download the file involved. The following steps outline how you can find the events page, and the actions you can take to view more details. For encrypted or password protected files, "encrypted file" will display instead of the sensitive data types.The following data collection settings must be enabled to view file snippets and download the full file. See Configure data collection settings for more information.
- Generate File Snippets
- Enable evidence file collection
The following permissions are required to view event information:
- View general events list
- View device names
- View user names
- View policy names
- Link to policy details
- View data entities
- View file details
- Download full file
- In the management console, on the menu bar, clickCylanceAVERT > Events.
- Click a row to view more details about an event.
- In theEvent Detailspane, do any of the following:
- UnderUser details, click the user's name to be directed to the user's information page where you can view any policies, events, or devices associated with the user.
- UnderPolicy Violations, click on a policy to view more information about the policy that was violated.
- UnderFile details, click the information icon to view details about the file, including what type of file it is, the sensitive data types that were scanned, and the number of occurrences of those data types. You can click to view snippet information about the exfiltration event. You can also click to download the file involved in the exfiltration event. Evidence files are downloaded as a compressed .gz file. You will need a utility tool, such as 7zip, to decompress the files and view them.