Cylance Endpoint Security requirements
Logging in to the management console
- Custom authentication
- Enhanced authentication sign in
  - Sign in to the Cylance Endpoint Security management console using enhanced authentication
  - Generate a new SSO callback URL
Installing the BlackBerry Connectivity Node
Linking to your company directory
Setting up administrators
Adding users and devices
Enrolling CylancePROTECT Mobile and CylanceGATEWAY users
- Create an enrollment policy
- Supported enrollment email variables
Setting up zones to manage CylancePROTECT Desktop and CylanceOPTICS
- Add and configure a zone
Setting up CylancePROTECT Desktop
Setting up CylancePROTECT Mobile
Setting up CylanceOPTICS
- Install the CylanceOPTICS agent on devices
  - Configuration requirements for macOS 11.x and later
  - OS commands for the CylanceOPTICS agent
- Enable and configure CylanceOPTICS
Setting up CylanceGATEWAY
Setting up CylanceAVERT
Managing updates for the CylancePROTECT Desktop and CylanceOPTICS agents
- Manage updates for the CylancePROTECT Desktop and CylanceOPTICS agents
Connecting Cylance Endpoint Security to external services
- Integrating Cylance Endpoint Security with Okta
  - Prerequisites for adding an Okta connector
  - Add and configure an Okta connector
- Integrating Cylance Endpoint Security with Mimecast
  - Prerequisites for adding a Mimecast connector
  - Add and configure a Mimecast connector
Appendix: Best practices for deploying CylancePROTECT Desktop on Windows virtual machines

ACL parameters

The ACL is an ordered list of rules that defines what happens when a

CylanceGATEWAY

user attempts to access a destination on the Internet or your private network. Each rule includes several parameters that can specify destinations, users, and other factors that a rule can match with and the action to take when a rule matches. If a network access attempt does not match any ACL rules, access is blocked.

When you add or edit ACL rules, the updates are added to a list of draft rules until you commit them. Each administrator has their own draft rule list. If an administrator commits a rule update, all other administrators with a draft rule list will be notified to delete or update their draft rule list before continuing.

Each rule can include the following parameters:

Item	Description
General information
Name	This is a name for the rule.
Description	This is a brief description of the purpose for the rule.
Enabled	This setting specifies that the rule is part of the ACL. You can turn off this option to disable the rule without deleting it.
Action
Action	This setting specifies whether to allow or block access if the attempt matches the rule. If allowed to continue, the access attempt may be evaluated again during the next phases of the attempt.
Check addresses against network protection	If the rule Action allows access, this setting specifies whether CylanceGATEWAY still blocks the connection if it detects a potential network threat. You should keep this option selected unless specified users need to connect to potentially malicious destinations.
Display a blocked notification message on devices	If the rule Action blocks access, this setting specifies a notification message that displays on the device when an access attempt is blocked.
Traffic Privacy	This setting specifies whether the network access attempts are displayed in the Network Events screen ( CylanceGATEWAY > Events). You may want to enable Traffic Privacy for liability or privacy reasons. When this setting is enabled, network access attempts are not displayed in the Network Events screen. If your environment sends events to a SIEM solution or syslog server and the connection attempt matches a rule with traffic privacy, the events are not sent to the SIEM solution or syslog server.
Content logging	This setting specifies whether the Network Events > Events Details page should include originally plain-text, unencrypted HTTP connection data. HTTP flows are not decrypted. When this setting is enabled, a summary of the request and response details of an event are included in the Events Details page. You can view all of the HTTP transactions within an event. The Events Details page includes the first three HTTP events of the total number of events. You can view all the events and the details that are associated with each one. If you create a rule that includes both Traffic Privacy and Content logging, traffic privacy takes precedence.
Ignore port	This setting specifies whether the destination port of the access control attempt should be evaluated or ignored as part of this rule.
Destinations
Target	Targets can be defined by a network service, a set of addresses, a set of addresses with defined protocols and ports, or only defined protocols and ports. You can select one of the following options: Not applicable: The rule does not include destinations. For example, the rule specifies only categories, or you may want to create a rule that allows all access attempts for specific users unless the connection is blocked by network protection. Matches any: The rule applies if the destination matches any target specified in the rule. Does not match: The rule applies if the destination does not match any target specified in the rule.
Network services	You can select one or more network services.
Address	This setting specifies the IP addresses, FQDNs, or wildcard domains for the destination address. IP addresses can be in IPv4 or IPv6 format and can be represented by a single IP, an IP range, or CIDR notation. For example, the following address formats are supported: Single IP address: 172.16.10.2 IP Address range: 172.16.10.0 - 172.16.10.255 CIDR: 172.16.10.0/24 FQDN: domain.example.com Domain with wildcard: *.example.com
Protocol	This setting specifies whether the rule matches connection attempts using TCP, UDP, or both. If you do not select an option, the default is both TCP and UDP on all ports.
Port	This setting specifies the ports used for the destination. You can specify a single port or a range.
Category	A category defines the type of content available on a site. CylanceGATEWAY makes a best effort based on available information to determine the category of destination sites. You can select one of the following options: Not applicable: The rule does not include categories. Matches any: The rule applies if the destination matches any category specified in the rule. If you select this option, a list of categories that you select from is displayed. Does not match: The rule applies if the destination does not match any category specified in the rule. If you select this option, a list of categories that you select from is displayed. For more information on the available categories that can be specified, see Destination content categories
Conditions
User properties	This setting specifies users, user groups, or operating systems to include in the rule. You can specify any number of users, user groups, and operating systems or a combination of each. When you click the User properties drop-down, select the user property that you want to specify the condition for. You can select one of the following options: Not applicable: The rule applies to all users, groups, and operating systems. Matches any: The rule applies only to the users, groups, and operating systems you add to the rule. If you select this option, a field to add user properties is displayed. Does not match: The rule applies only to users, groups, and operating systems that are not listed in the rule. If you select this option, a field to add user properties is displayed. When you begin typing a name or user group, a list will display a matching list of user names. When you specify the operating system, you must select it from the list. You can select from the following OS options: Android iOS macOS Windows You can add rows to specify any number of users, groups, and operating systems.
Risk	This setting specifies the acceptable risk level of the device as it is configured in the Risk Assessment policy. For information on creating a risk assessment policy, see Create a risk assessment policy. Not applicable: The risk level is not a condition for access. Matches any: The device must be within the range of acceptable risk levels to allow the connection. If you select this option, you can select the acceptable risk levels. The default risk level is Secure (no risk).

Section:

Controlling network access