Management console and platform services Skip Navigation

Management console and platform services

This section contains information about updates to the management console and platform services that impact more than one
Cylance Endpoint Security
service or the general experience of the console. Console changes that impact specific
Cylance Endpoint Security
services are described in the respective sections of this guide.

What's new in the management console

Feature
Description
Date added
User Policy enhancements
The following enhancements have been made to the "Add User or Group" setting (Policies > User Policy) in the management console:
  • You can now search for users and user groups under separate tabs.
  • The search results are displayed in alphabetical order based on a user's or user group's name.
  • By default, a maximum of 50 search results are returned for users and groups, respectively. Administrators must refine their search criteria when more than 50 search results are returned.
February 2024
Support for IDP-initiated Single Sign On
Administrators can now configure their environment so that users can access the
Cylance
console directly from their Identity provider (IDP). If your authenticator was created before December 2023, you can update their environment to enable IDP-initiated Single Sign On to the Cylance console. For more information, see Enhanced authentication sign in.
December 2023
Alerts view enhancements
  • When you view the details of an alert group that contains
    CylancePROTECT Desktop
    threat alerts, you now have the option to add a file to or remove a file from the global safe list or global quarantine list.
  • When viewing alert groups and details for individual alerts, key indicators (script, process, file, and so on) are now represented by icons. You can click a key indicator icon to access different options where applicable, including view (to see full text string values), copy, and filter.
  • When you view the details for an alert group or an individual alert in a group, you can now see a visual representation of the relationship between key indicators (files, users, executables, processes, and so on).
  • You can now add an
    Okta
    connector to the
    Cylance
    console to surface
    Okta
    authorization and access alerts in the Alerts View.
  • You can now add a
    Mimecast
    connector to the
    Cylance
    console to surface
    Mimecast
    risk attachment alerts in the Alerts View.
For more information, see Managing alerts across Cylance Endpoint Security services in the
Cylance Endpoint Security
Administration content.
November 2023
New
JRE
requirement for the
BlackBerry Connectivity Node
The latest version of the
BlackBerry Connectivity Node
(2.14) requires
JRE
17. To download the latest version of the
BlackBerry Connectivity Node
, click here.
For more information, see Set an environment variable for the Java location in the
Cylance Endpoint Security
Setup content.
November 2023
Alerts view enhancements
  • You can now export detailed information for alert groups and the individual alerts within a group to a CSV file.
  • More options have been added for text-based filtering to allow you to efficiently build and modify alert filters.
For more information, see Managing alerts across Cylance Endpoint Security services in the
Cylance Endpoint Security
Administration content.
October 2023
Alerts view enhancement
The Alerts view now supports CylancePROTECT Desktop memory protection alerts, in addition to the previously supported
CylancePROTECT Desktop
threat alerts. The
CylancePROTECT Desktop
cloud services analyze the frequency of identical violation classes and will only surface a unique violation class within a set time period, dramatically reducing the number of unnecessary alerts. This allows you to focus your threat hunting activities on the most relevant events. Note that this feature replaces the existing Protection > Memory Protection view in the management console. The Alerts view will serve as the primary access point for memory protection alerts.
For more information, see Managing alerts across Cylance Endpoint Security services in the
Cylance Endpoint Security
Administration content.
Sept 2023
Configure the idle timeout for administrators
You can now specify how long a session is allowed to remain idle before an administrator is logged out of the management console.
For more information, see Configure the session and idle timeout limits in the
Cylance Endpoint Security
Setup content.
Sept 2023
Reauthentication prompt for console session timeout
When an administrator is a few minutes away from the session timeout limit (Settings > Authentication > Settings tab), the console prompts the administrator with a countdown notification that gives the option to authenticate again to continue the session. If the administrator does not actively respond to the prompt, they are logged out of the console when the timeout limit is reached.
For more information, see Configure the session and idle timeout limits in the
Cylance Endpoint Security
Setup content.
August 2023
Alerts view enhancements
  • The Alerts view now supports alerts from the
    CylancePROTECT Mobile
    app.
  • The Category column has been replaced with a new Classification column and a new Sub-classification column has been added to provide more granular contextual information about alerts.
For more information, see Managing alerts across Cylance Endpoint Security services in the
Cylance Endpoint Security
Administration content.
August 2023
Support for
CylanceGATEWAY
events in the Alerts view
For
CylanceGATEWAY
threat alerts, the Alerts view now supports alerts that are based on the network protection settings that you set. Detections such as IP Reputation, Zero-Day, Signature, and DNS Tunneling alerts are now displayed in the Alerts view. This provides a comprehensive way to review the alerts that are detected by
CylanceGATEWAY
and makes it easier for you to identify and track threats in your environment and resolve collections of alerts more efficiently. The priority for the alerts is determined by your Network Protection settings.
For more information, see Managing alerts across Cylance Endpoint Security services in the
Cylance Endpoint Security
Administration content.
July 2023
Tenant identifier
You can now specify whether the tenant ID, name or both should appear in the SIEM solution or syslog server. This value allows you to easily identify the source tenant in a multiple tenant environment.
For more information, see Configure Cylance Endpoint Security to send events to a SIEM solution or syslog server in the
Cylance Endpoint Security
Syslog content.
June 2023
Syslog enhancements
The syslog message delivery is now using an updated platform for message delivery. The updated platform will provide improved stability and a basis for future enhancements. To ensure uninterrupted delivery of syslog messages to your SIEM solution or syslog server, you must configure them to allow connections from new source IP addresses.
May 2023
Notifications for disabled services
You can now view your notifications for expiring and disabled services in the management console. A notification prompt for new and non-dismissed notifications will display upon login and a message banner will be shown at the top of the console if there are any expiring services.
You can view all of your notifications in the new Notifications tab located in the bottom-left corner of the console.
May 2023
Configure console session timeout
You can specify how long an administrator can remain logged in to the management console before they are signed out, even if the session is active.
For more information, see Configure the session timeout limit in the
Cylance Endpoint Security
Setup content.
May 2023
Alerts view enhancements
  • CylancePROTECT Desktop
    threat alerts displayed in Protection > Threats with an Unsafe, Abnormal, or Quarantined status now have a New status in the Alerts view. Alerts displayed in Protection > Threats with a Waived status now have a Closed status in the Alerts view.
  • The Detection Detail link that allows you to access more information and actions for an individual alert in other areas of the console will now remain active for 60 days for
    CylancePROTECT Desktop
    threat alerts and for 30 days for other types of alerts.
For more information, see Managing alerts across Cylance Endpoint Security services in the
Cylance Endpoint Security
Administration content.
March-April 2023
Update client credentials for
Microsoft Entra ID
Directory Connections
You can now update the client secret or add both a new client ID and client secret after you have set up a directory connection to Microsoft Azure Active Directory.
For more information, see Update the Microsoft Azure Active Directory connection credentials in the
Cylance Endpoint Security
Setup content.
March 2023
Alerts view
The new alerts view gives you a comprehensive way to review the alerts that are detected and correlated across
Cylance Endpoint Security
services, making it easier for you to identify and track prevailing threat patterns in your corporate ecosystem and resolve collections of alerts more efficiently. The correlation of alerts across services offers a more complete view of potential threats and contributes to a more holistic approach to protecting your organization's employees and data.
To view and use the new alerts view, you currently must have an entitlement for CylancePROTECT Desktop or CylanceOPTICS. Future updates will extend the Alerts view to customers with entitlements for other
Cylance Endpoint Security
services.
The initial release of the alerts view supports alerts from the
CylanceOPTICS
agent on desktop devices and threat alerts from
CylancePROTECT Desktop
devices. Future updates will add support for alerts from additional
Cylance Endpoint Security
services.
For more information, see Managing alerts across Cylance Endpoint Security services in the
Cylance Endpoint Security
Administration content.
Feb 2023
Evaluate the risk level of a file
You can use the management console to evaluate the risk level of a file, as analyzed and determined by the CylancePROTECT cloud services. This feature gives you insight into how the
CylancePROTECT Desktop
agent would classify a file that it identifies on a device.
For more information, see Evaluate the risk of a file in the
Cylance Endpoint Security
Administration content.
Feb 2023
Share dashboards
You can now share dashboards that you create in the management console with other administrators.
For more information, see Share a dashboard in the
Cylance Endpoint Security
Administration content.
Feb 2023
Administrator controls for discovery of devices not protected by
CylancePROTECT Desktop
Previously, the discovery of devices not protected by
CylancePROTECT Desktop
was enabled and you did not have the option to disable it. In this release, the management console now includes the option to enable or disable this feature. If you enable the feature, you can discover unprotected devices in your environment for your
Microsoft Entra ID
Active Directory
,
Microsoft Active Directory
, and LDAP directory connections. When the feature is enabled, all of the known devices that are not protected by
CylancePROTECT Desktop
are displayed on the Assets > Unprotected Devices page. Enabling or disabling this feature applies to all of the directory connections that you have connected to
Cylance Endpoint Security
.
For more information, see Discover unprotected devices in the
Cylance Endpoint Security
Administration content.
Jan 2023

BlackBerry Connectivity Node
version

BlackBerry Connectivity Node
version 2.14.0. To download the latest version of the
BlackBerry Connectivity Node
, click here.