
Configure Cylance Endpoint Security to send events to a SIEM solution or syslog server

  1. In the management console, on the menu bar, click Settings > Application.
  2. Click the Syslog/SIEM check box.
  3. Select the events that you want to send to your organization's SIEM solution or syslog server.
  4. Select or type in the information for your SIEM or syslog integration. The other sections in this guide provide details and descriptions for each option.
  5. In the SIEM drop-down list, click the appropriate SIEM solution or syslog server.
  6. In the Protocol drop-down list, click the appropriate protocol. If you choose TCP, it is a best practice to select the TLS/SSL check box to ensure that the syslog message is encrypted in transit (verify that your SIEM solution or syslog server is configured to listen for messages).
  7. If you want to include the full contents of fields with command line values, select the Allow messages over 2 KB check box. Currently this applies only to certain CylanceOPTICS message values. If you do not select this option, command line values in messages are truncated as necessary to keep the size of messages under 2 KB.
  8. In the IP/Domain field, type the FQDN or IP address of the SIEM solution or syslog server.
  9. In the Port field, type the port number that you want the SIEM solution or syslog server to listen on for messages. The port number must be between 1 and 65535.
  10. In the Severity drop-down list, click the severity of the messages that should appear in the SIEM solution or syslog server. This value does not change the messages that are sent to the SIEM solution or syslog server.
  11. In the Facility drop-down list, click the type of application that is logging the message. This value is used to categorize the messages that are received by the SIEM solution or syslog server.
  12. If necessary, in the Custom Token field, type the custom token that your organization's log management service (for example, SumoLogic) requires for SIEM or syslog messages.
  13. Click Test Connection to verify that your settings are correct.
  14. Click Save.
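The Severity and Facility values chosen in steps 10 and 11 travel to the receiver inside the syslog priority header, and the 2 KB limit in step 7 is something the receiving side can check for. The following added example (not Cylance or BlackBerry code, and not from this guide) shows how a SIEM-side ingestion check would decode that header and apply the port and size constraints the procedure states. It assumes the forwarded messages carry a standard RFC 3164/5424 `<PRI>` prefix where PRI = facility * 8 + severity; the sample lines are constructed for illustration only.

```python
"""Decode the syslog priority header of forwarded events and apply the
port-range and 2 KB checks described in the configuration procedure.

Added example, not the product's own code. Assumptions (not from the page):
messages start with an RFC 3164/5424 "<PRI>" prefix, and the facility and
severity tables below follow the standard syslog numbering.
"""
import re
from typing import Dict, List, Optional

# Standard syslog severity codes 0-7 (RFC 5424, Table 2).
SEVERITY_NAMES = ["Emergency", "Alert", "Critical", "Error",
                  "Warning", "Notice", "Informational", "Debug"]

# Standard syslog facility codes 0-23 (RFC 5424, Table 1), short labels.
FACILITY_NAMES = ["kern", "user", "mail", "daemon", "auth", "syslog",
                  "lpr", "news", "uucp", "cron", "authpriv", "ftp",
                  "ntp", "audit", "alert", "clock",
                  "local0", "local1", "local2", "local3",
                  "local4", "local5", "local6", "local7"]

# Step 7: messages are kept under 2 KB unless the larger size is allowed.
MAX_DEFAULT_MESSAGE_BYTES = 2048

_PRI_RE = re.compile(r"^<(\d{1,3})>")

# Constructed sample lines (not real product output). The first two use
# facility local0 (16): 16*8+6 = 134 (Informational), 16*8+3 = 131 (Error).
SAMPLE_LINES = [
    "<134>Jan 01 12:00:00 console-host ExampleEDR: Event Type: Device, "
    "Event Name: Registration, Device Name: WS-EXAMPLE",
    "<131>Jan 01 12:00:05 console-host ExampleEDR: Event Type: Threat, "
    "Event Name: threat_found, File Name: example.exe",
    # An oversized line standing in for a long command-line value.
    "<134>Jan 01 12:00:09 console-host ExampleEDR: Event Type: Optics, "
    "Command Line: " + "A" * 2100,
]


def validate_port(port: int) -> bool:
    """Step 9: the listening port must be between 1 and 65535."""
    return 1 <= port <= 65535


def decode_pri(line: str) -> Optional[Dict[str, object]]:
    """Split the <PRI> prefix into facility and severity.

    Returns None when the line has no valid priority header (PRI above 191
    would imply a facility outside 0-23).
    """
    m = _PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:
        return None
    facility, severity = divmod(pri, 8)
    return {
        "pri": pri,
        "facility": facility,
        "facility_name": FACILITY_NAMES[facility],
        "severity": severity,
        "severity_name": SEVERITY_NAMES[severity],
        "body": line[m.end():],
    }


def exceeds_default_limit(line: str) -> bool:
    """True when the UTF-8 encoded message is over the 2 KB default limit."""
    return len(line.encode("utf-8")) > MAX_DEFAULT_MESSAGE_BYTES


def triage(lines: List[str]) -> List[Dict[str, object]]:
    """Decode each line and flag those that would need 'Allow messages over 2 KB'."""
    results = []
    for line in lines:
        decoded = decode_pri(line)
        if decoded is None:
            results.append({"valid": False, "body": line})
            continue
        decoded["valid"] = True
        decoded["oversized"] = exceeds_default_limit(line)
        results.append(decoded)
    return results


if __name__ == "__main__":
    for entry in triage(SAMPLE_LINES):
        if entry["valid"]:
            print(f"{entry['facility_name']}/{entry['severity_name']} "
                  f"oversized={entry['oversized']}")
        else:
            print("no priority header:", entry["body"][:40])
```

Feeding real receiver output through `triage` shows whether the facility chosen in step 11 is the one arriving at the SIEM, and whether any forwarded events are being truncated by the 2 KB default from step 7.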