Management console and platform services
This section contains information about updates to the management console and platform services that impact more than one
Cylance Endpoint Security
service or the general experience of the console. Console changes that impact specific Cylance Endpoint Security
services are described in the respective sections of this guide.What's new in the management console
Feature | Description | Date added |
---|---|---|
Syslog enhancements | The syslog message delivery is now using an updated platform for message delivery. The updated platform will provide improved stability and a basis for future enhancements. To ensure uninterrupted delivery of syslog messages to your SIEM solution or syslog server, you must configure them to allow connections from new source IP addresses. For more information, see Source IP addresses for a SIEM solution or syslog server messages. | May 2023 |
Notifications for disabled services | You can now view your notifications for expiring and disabled services in the management console. A notification prompt for new and non-dismissed notifications will display upon login and a message banner will be shown at the top of the console if there are any expiring services. You can view all of your notifications in the new Notifications tab located in the bottom-left corner of the console. | May 2023 |
Configure console session timeout | You can specify how long an administrator can remain logged in to the management console before they are signed out, even if the session is active. For more information, see Configure the session timeout limit in the Cylance Endpoint Security Setup content. | May 2023 |
Alerts view changes |
For more information, see View and manage aggregated alerts in the Cylance Endpoint Security Administration content. | March-April 2023 |
Update client credentials for Microsoft
Azure Directory Connections | You can now update the client secret or add both a new client ID and client secret after you have set up a directory connection to Microsoft Azure Active Directory. For more information, see Update the Microsoft Azure Active Directory connection credentials in the Cylance Endpoint Security Setup content. | March 2023 |
Alerts view | The new alerts view gives you a comprehensive way to review the alerts that are detected and correlated across Cylance Endpoint Security services, making it easier for you to identify and track prevailing threat patterns in your corporate ecosystem and resolve collections of alerts more efficiently. The correlation of alerts across services offers a more complete view of potential threats and contributes to a more holistic approach to protecting your organization's employees and data.To view and use the new alerts view, you currently must have an entitlement for CylanceOPTICS. Future updates will extend the Alerts view to customers with entitlements for other Cylance Endpoint Security services.The initial release of the alerts view supports alerts from the CylanceOPTICS agent on desktop devices and threat alerts from CylancePROTECT Desktop devices. Future updates will add support for alerts from additional Cylance Endpoint Security services.For more information, see Managing aggregated alerts in the Cylance Endpoint Security Administration content. | Feb 2023 |
Evaluate the risk level of a file | You can use the management console to evaluate the risk level of a file, as analyzed and determined by the CylancePROTECT cloud services. This feature gives you insight into how the CylancePROTECT Desktop agent would classify a file that it identifies on a device.For more information, see Evaluate the risk of a file in the Cylance Endpoint Security Administration content. | Feb 2023 |
Share dashboards | You can now share dashboards that you create in the management console with other administrators. For more information, see Share a dashboard in the Cylance Endpoint Security Administration content. | Feb 2023 |
Administrator controls for discovery of devices not protected by CylancePROTECT Desktop | Previously, the discovery of devices not protected by CylancePROTECT Desktop was enabled and you did not have the option to disable it. In this release, the management console now includes the option to enable or disable this feature. If you enable the feature, you can discover unprotected devices in your environment for your Microsoft
Azure Active
Directory , Microsoft Active
Directory , and LDAP directory connections. When the feature is enabled, all of the known devices that are not protected by CylancePROTECT Desktop are displayed on the Assets > Unprotected Devices page. Enabling or disabling this feature applies to all of the directory connections that you have connected to Cylance Endpoint Security .For more information, see Discover unprotected devices in the Cylance Endpoint Security Administration content. | Jan 2023 |
Default authentication | To enhance security, the default authenticator for all apps and services except the Cylance console, CylanceGATEWAY agent, and CylancePROTECT Mobile app has been changed from Enterprise password to Deny authentication.Users that do not have an authentication policy assigned to them are presented with an error message when they try to access apps or services and cannot sign in. | Dec 2022 |
FIDO authenticator | You can now add FIDO as an authenticator in authentication policies. Users can register one or more FIDO2 devices during sign in and use them to verify their identity. | Dec 2022 |
Identify devices not protected by CylancePROTECT Desktop | The new Unprotected Devices page (Assets > Unprotected Devices) displays a list of known devices that are not protected by CylancePROTECT Desktop . Administrators can export the device list and take action to protect those devices and their network from potential threats. This feature requires BlackBerry Connectivity Node 2.12.1 or later.For more information, see Discover unprotected devices in the Cylance Endpoint Security Administration content. | Oct 2022 |
BlackBerry Connectivity Node enhancements | The BlackBerry Connectivity Node now supports identifying devices that are not protected by CylancePROTECT Desktop . | Oct 2022 |
New SAML and Deny authenticators and skip OTP option | Cylance Endpoint Security now supports integration with third-party IDPs that support SAML (Azure , Okta , Ping Identity ) for use in authentication policies. Administrators can migrate existing SAML configurations from Custom Authentication settings to the new Enhanced Authentication framework.A new a “Deny” authenticator can be added to authentication policies to explicitly deny authentication to a product or service. During authentication, if the Deny Authenticator is found, authentication will be rejected for the user and an error message is presented. Administrators can allow users to skip OTP setup for a specified number of times without losing access to the console. Any existing polices that include the one-time password authenticator will automatically use the default setting of zero skips allowed. For more information, see Add an authenticator in the Cylance Endpoint Security Setup content. | August 2022 |
BlackBerry Connectivity Node version
BlackBerry Connectivity Node
versionBlackBerry Connectivity Node
version 2.12.1 (bundle 28.11.0). To download the latest version of the BlackBerry Connectivity Node
, click here.