Skip Navigation
  1. BlackBerry Docs
  2. Cylance Endpoint Security
  3. Cylance Endpoint Security Release Notes
  4. Management console and platform services

Management console and platform services

This section contains information about updates to the management console and platform services that impact more than one
Cylance Endpoint Security
 service or the general experience of the console. Console changes that impact specific
Cylance Endpoint Security
 services are described in the respective sections of this guide.

What's new in the management console

Feature
Description
Date added
New look and feel to the Endpoint Security Console
We’re excited to share that the Endpoint Security console has been renamed to the Aurora Endpoint Defense Console. It has a new look and feel to represent the transition to Arctic Wolf.
All existing features and workflows remain the same, and you do not have to uninstall and reinstall your agents. However, you will see new branding and some updated names. New names include Aurora Protect (formerly CylancePROTECT) and Aurora Focus (formerly CylanceOPTICS).
April 2025
Alerts view enhancements for Aurora Focus (formerly CylanceOPTICS)
When you open an alert group from the Alerts view, you can:
  • View the rule ID and description details from the Overview pane.
  • Create an exception for Focus detections from the Actions menu.
When you click a specific alert from within an alert group, in the right pane, you can:
  • Export a full detections record of the alert in .json format.
  • View the IP address, logged on user, and device policy name.
  • Perform actions specific to an artifact associated with an alert (such as request process focus, file focus, file download, or quarantine the file).
  • Lock down the device.
  • View a more detailed event description
April 2025
Device policy UI redesign
The UI for creating and configuring a device policy has been redesigned to make it easier and more intuitive to create and update device policies.
For more information, see Create and manage a device policy.
January 2025
Device lifecycle management enhancement
In environments that have not configured the device lifecycle management feature in the management console (Settings > Device Lifecycle), the feature is enabled by default and is set to update the device statuses to Inactive after they have been offline for 60 days or more. Inactive devices are permanently removed from the console 60 days later.
This change does not affect environments that have enabled and fully configured the device lifecycle management.
For more information, see the following:
January 2025
Updates to focus view
Previously in Assets > Devices, you could click the option to create focus data for alerts older than 30 days, even though focus data could not be generated due to the age of the alert. In this update, the option to create focus data can no longer be selected for alerts older than 30 days.
For focus data you have already generated, you cannot access the focus data after 90 days have passed.
November 2024
Updates to zone policies
You can now choose to not assign an associated device policy to a zone in the Zones screen. Administrators can use zones to manage devices without an associated device policy while making sure that a device's currently assigned device policy remains unchanged. When devices are added to a zone with the device policy set to None, they will no longer be automatically assigned to an associated device policy.
For more information, see Add and configure a zone.
November 2024
Improvements to the Devices grid view
The Devices grid (Assets > Devices) has been improved for an enhanced search experience for managing devices.
  • Ability to easily specify one or more ranges of IP address when filtering the list of devices. The range of IP addresses can also be used for zone rules.
  • A standardized date picker now appears when specifying date fields.
  • Saved queries that can be applied as zone rules are now indicated with an asterisk (*).
  • Ability to specify a field more than once in a query.
  • The Display Name column is now available to search for a named device.
  • Ability to delete recent queries from the list.
October 2024
Duo Universal MFA
You can now add
Duo
 Universal MFA for multi-factor authentication. 
Duo
 has ended support for their
Duo
 Traditional Prompt. For more information, see the Duo Knowledge Base. If you already have the now deprecated
Duo
 MFA authenticator configured, you must add the new
Duo
 Universal MFA authenticator or users might not authenticate successfully. The configured
Duo
 MFA authenticator will be displayed as read only in the
Cylance
 console.
July 2024
New Devices grid view for managing devices
This is a preview of changes to come for the Devices grid that is fully functional and can be used as an alternate way to manage your devices. Enhancements will continue in the near future to add more filter criteria and new experiences.  The following features can be used today:
  • Search for your devices using a query-based experience with multiple expressions, giving you more flexibility to find the devices you want.
  • Save your frequently used queries with a friendly name that is easy to remember so that you can quickly load them later.
  • Saved queries are used to automatically add devices to a zone when you add a zone rule.
  • Adjust the density of information displayed on the grid as well as pin columns for improved legibility.
  • Export a list of more than 10,000 devices at once.
  • Switch between the legacy view and the new view from the top right corner of the (Assets > Devices) screen.
July 2024
Automated zone management
Devices can now be automatically added to a zone when they match the zone rules criteria and also be automatically removed from a zone when they don't match the criteria.
When you add a zone rule to a new zone, you need to specify a saved query (from the new Devices grid view) and whether you want devices to be automatically removed. The list of devices in the results of the saved query indicates the devices that will be automatically added to the zone. It is recommended to run a saved query and verify the list of devices in the results before using it for zone rules.
By default, devices that are added automatically to the zone will follow the zone rules. If the automatic device removal option is selected in the zone rules, devices that follow the zone rules will be automatically removed from the zone when they don't meet the zone rules criteria. You can also manually add devices that ignore the zone rules so they aren't automatically removed from the zone. When managing a zone, you can change whether a device follows or ignores the zone rules.
With the introduction of automated zones, you cannot modify the zone rules of legacy zones that were created prior to this update, but the legacy zones will continue to function as before. To take advantage of the automated zones, you can migrate devices from legacy zones by copying devices to a newly created zone or by creating a new saved query filter using the new device grid and using it for the zone rule. In the new zone, you can change the associated policy and ensure it works properly according to your needs before you remove the legacy zone.
July 2024
Simplify the configuration of a new tenant
When you create a new
Cylance Endpoint Security
 tenant, the tenant now includes preconfigured zones and preconfigured device policies that are designed to help you tune your environment to the desired security posture.
You also have the option to export the configuration of an existing tenant and import it to a new tenant, or to reset a new tenant to use preconfigured zones and preconfigured device policies.
July 2024
Reset password enhancement
When users reset their password, a confirmation message that includes the email address that a reset password email is sent to will be displayed.
June 2024
CylanceMDR
 On-Demand
The
CylanceMDR
 On-Demand subscription is a convenient and helpful option if your organization monitors the alerts that are reported to the
CylanceMDR
 console. With this subscription, you can request
CylanceMDR
 support on demand for any alerts that you think might be a threat but you need the time and expertise of a
CylanceMDR
 analyst to help you resolve it. You can request support from an alert group in the Alerts view in the
Cylance
 console.
CylanceMDR
 analysts are immediately notified with the alert details and can start their investigation and assess the threat. To follow up on the investigation (for example, to share additional details), you can log in to the
CylanceMDR
 (CylanceGUARD) portal and find the alert in the Escalations screen.
For more information, see View and manage aggregated alerts.
May 2024
Alerts view enhancement:
Cylance Assistant
 for
CylanceOPTICS
 alert groups
In the Alerts view, you can use the AI-powered
Cylance Assistant
 to provide a summary analysis of a
CylanceOPTICS
 alert group, and detailed analysis for process artifacts within the group (for example, command line processes). The
Cylance Assistant
 leverages rich cybersecurity knowledge sources to provide valuable information to aid you in your threat investigations.
  • To access the
    Cylance Assistant
     in the Alerts view, you must contact your
    BlackBerry
     account representative to request enablement of this feature.
  • Currently, the
    Cylance Assistant
     is available for
    CylanceOPTICS
     alerts only. Future updates will extend this functionality to other
    Cylance
     products and services.
  • BlackBerry
     does not use any customer data to train the AI that powers the
    Cylance Assistant
    .
May 2024
Alerts view enhancement: Support for script control alerts
The Alerts view now supports
CylancePROTECT Desktop
 script control alerts, including the ability to add a file associated with a script control alert to the global safe list.
April 2024
Alerts view enhancements
  • After you filter alert groups by the desired criteria, you can now select and bulk delete all of the alert groups in the filter results, or select alert groups.
  • You can now export alert groups or the alerts within a group in JSON format.
March 2024
Console sign in enhancement
By default, new tenants now require administrators to enter a one-time password, in addition to the
Cylance
 console password, each time that they try to access the console. Existing customers can update the authentication policy to add the One-Time Password requirement. New tenants can remove the One-Time Password requirement after an administrator sign-in to the console for the first time.
For more information, see Enhanced authentication sign in.
March 2024
User Policy enhancements
The following enhancements have been made to the "Add User or Group" setting (Policies > User Policy) in the management console:
  • You can now search for users and user groups under separate tabs.
  • The search results are displayed in alphabetical order based on a user's or user group's name.
  • By default, a maximum of 50 search results are returned for users and groups, respectively. Administrators must refine their search criteria when more than 50 search results are returned.
February 2024

BlackBerry Connectivity Node
 version

BlackBerry Connectivity Node
 version 2.14.0. To download the latest version of the
BlackBerry Connectivity Node
, click here.