Management console and platform services Skip Navigation

Management console and platform services

This section contains information about updates to the management console and platform services that impact more than one
Cylance Endpoint Security
service or the general experience of the console. Console changes that impact specific
Cylance Endpoint Security
services are described in the respective sections of this guide.

What's new in the management console

Feature
Description
Date added
Syslog enhancements
The syslog message delivery is now using an updated platform for message delivery. The updated platform will provide improved stability and a basis for future enhancements. To ensure uninterrupted delivery of syslog messages to your SIEM solution or syslog server, you must configure them to allow connections from new source IP addresses.
May 2023
Notifications for disabled services
You can now view your notifications for expiring and disabled services in the management console. A notification prompt for new and non-dismissed notifications will display upon login and a message banner will be shown at the top of the console if there are any expiring services.
You can view all of your notifications in the new Notifications tab located in the bottom-left corner of the console.
May 2023
Configure console session timeout
You can specify how long an administrator can remain logged in to the management console before they are signed out, even if the session is active.
For more information, see Configure the session timeout limit in the
Cylance Endpoint Security
Setup content.
May 2023
Alerts view changes
  • CylancePROTECT Desktop
    threat alerts displayed in Protection > Threats with an Unsafe, Abnormal, or Quarantined status now have a New status in the Alerts view. Alerts displayed in Protection > Threats with a Waived status now have a Closed status in the Alerts view.
  • The Detection Detail link that allows you to access more information and actions for an individual alert in other areas of the console will now remain active for 60 days for
    CylancePROTECT Desktop
    threat alerts and for 30 days for other types of alerts.
For more information, see View and manage aggregated alerts in the
Cylance Endpoint Security
Administration content.
March-April 2023
Update client credentials for
Microsoft Azure
Directory Connections
You can now update the client secret or add both a new client ID and client secret after you have set up a directory connection to Microsoft Azure Active Directory.
For more information, see Update the Microsoft Azure Active Directory connection credentials in the
Cylance Endpoint Security
Setup content.
March 2023
Alerts view
The new alerts view gives you a comprehensive way to review the alerts that are detected and correlated across
Cylance Endpoint Security
services, making it easier for you to identify and track prevailing threat patterns in your corporate ecosystem and resolve collections of alerts more efficiently. The correlation of alerts across services offers a more complete view of potential threats and contributes to a more holistic approach to protecting your organization's employees and data.
To view and use the new alerts view, you currently must have an entitlement for CylanceOPTICS. Future updates will extend the Alerts view to customers with entitlements for other
Cylance Endpoint Security
services.
The initial release of the alerts view supports alerts from the
CylanceOPTICS
agent on desktop devices and threat alerts from
CylancePROTECT Desktop
devices. Future updates will add support for alerts from additional
Cylance Endpoint Security
services.
For more information, see Managing aggregated alerts in the
Cylance Endpoint Security
Administration content.
Feb 2023
Evaluate the risk level of a file
You can use the management console to evaluate the risk level of a file, as analyzed and determined by the CylancePROTECT cloud services. This feature gives you insight into how the
CylancePROTECT Desktop
agent would classify a file that it identifies on a device.
For more information, see Evaluate the risk of a file in the
Cylance Endpoint Security
Administration content.
Feb 2023
Share dashboards
You can now share dashboards that you create in the management console with other administrators.
For more information, see Share a dashboard in the
Cylance Endpoint Security
Administration content.
Feb 2023
Administrator controls for discovery of devices not protected by
CylancePROTECT Desktop
Previously, the discovery of devices not protected by
CylancePROTECT Desktop
was enabled and you did not have the option to disable it. In this release, the management console now includes the option to enable or disable this feature. If you enable the feature, you can discover unprotected devices in your environment for your
Microsoft Azure
Active Directory
,
Microsoft Active Directory
, and LDAP directory connections. When the feature is enabled, all of the known devices that are not protected by
CylancePROTECT Desktop
are displayed on the Assets > Unprotected Devices page. Enabling or disabling this feature applies to all of the directory connections that you have connected to
Cylance Endpoint Security
.
For more information, see Discover unprotected devices in the
Cylance Endpoint Security
Administration content.
Jan 2023
Default authentication
To enhance security, the default authenticator for all apps and services except the
Cylance
console,
CylanceGATEWAY
agent, and
CylancePROTECT Mobile
app has been changed from Enterprise password to Deny authentication.
Users that do not have an authentication policy assigned to them are presented with an error message when they try to access apps or services and cannot sign in.
Dec 2022
FIDO
authenticator
You can now add
FIDO
as an authenticator in authentication policies. Users can register one or more
FIDO2
devices during sign in and use them to verify their identity.
Dec 2022
Identify devices not protected by
CylancePROTECT Desktop
The new Unprotected Devices page (Assets > Unprotected Devices) displays a list of known devices that are not protected by
CylancePROTECT Desktop
. Administrators can export the device list and take action to protect those devices and their network from potential threats. This feature requires
BlackBerry Connectivity Node
2.12.1 or later.
For more information, see Discover unprotected devices in the
Cylance Endpoint Security
Administration content.
Oct 2022
BlackBerry Connectivity Node
enhancements
The
BlackBerry Connectivity Node
now supports identifying devices that are not protected by
CylancePROTECT Desktop
.
Oct 2022
New SAML and Deny authenticators and skip OTP option
Cylance Endpoint Security
now supports integration with third-party IDPs that support SAML (
Azure
,
Okta
,
Ping Identity
) for use in authentication policies. Administrators can migrate existing SAML configurations from Custom Authentication settings to the new Enhanced Authentication framework.
A new a “Deny” authenticator can be added to authentication policies to explicitly deny authentication to a product or service. During authentication, if the Deny Authenticator is found, authentication will be rejected for the user and an error message is presented.
Administrators can allow users to skip OTP setup for a specified number of times without losing access to the console. Any existing polices that include the one-time password authenticator will automatically use the default setting of zero skips allowed.
For more information, see Add an authenticator in the
Cylance Endpoint Security
Setup content.
August 2022

BlackBerry Connectivity Node
version

BlackBerry Connectivity Node
version 2.12.1 (bundle 28.11.0). To download the latest version of the
BlackBerry Connectivity Node
, click here.