This guide provides an overview of the different sections of the Cylance console and provides you with links to the Cylance Endpoint Security docs for more information.
The management console dashboards offer helpful visualizations and statistical summaries of the data collected and analyzed by different Cylance Endpoint Security services.
See Using dashboards.
The Alerts view gives you a comprehensive way to review the alerts that are detected and correlated across Cylance Endpoint Security services, making it easier for you to identify and track prevailing threat patterns and resolve groups of alerts efficiently.
You can use the screens available in this section to review and respond to threats detected by CylancePROTECT Desktop and CylancePROTECT Mobile.
You can use zones to group and manage CylancePROTECT Desktop and CylanceOPTICS devices. Zones are the most efficient way to manage the application of device policies to groups of devices.
See Setting up zones.
Use the Assets screens to view and manage the devices and users that are actively using Cylance Endpoint Security services and features.
Use this section of the console to review and explore the forensic data collected from CylanceOPTICS devices and to take action in response to threats.
See Analyzing data collected by CylanceOPTICS and Using CylanceOPTICS to detect and respond to events.
Use this section to review and investigate the events and files detected by CylanceAVERT.
Use the CylanceGATEWAY screen to monitor the events detected by the CylanceGATEWAY agent on desktop devices and the CylancePROTECT Mobile app on mobile devices. Events are reported only if Work Mode or Safe Mode is enabled.
Use this screen to generate and review reports about CylancePROTECT Desktop devices and threats.
Use this section of the management console to configure and assign policies that define the behavior of Cylance Endpoint Security features and services.
Use this section of the management console to configure various settings to customize Cylance Endpoint Security services and features to meet your organization’s needs.
See the Cylance Endpoint Security docs for complete product information and help resources, including:
Screens to manage CylancePROTECT Desktop
Screens to manage CylancePROTECT Mobile
You can also use zones to easily manage updates of the CylancePROTECT and CylanceOPTICS agents on devices.
See Managing updates for the CylancePROTECT Desktop and CylanceOPTICS agents.
Applies to: CylancePROTECT Desktop, CylanceOPTICS
See Manage CylancePROTECT Desktop and CylanceOPTICS devices.
Applies to: CylancePROTECT Mobile, CylanceGATEWAY (mobile only)
See Manage devices with the CylancePROTECT Mobile app.
Applies to: CylancePROTECT Desktop
See Discover unprotected devices.
Applies to: CylanceAVERT
See Managing CylanceAVERT users.
Applies to: CylancePROTECT Mobile, CylanceGATEWAY (mobile and desktop)
See Manage CylancePROTECT Mobile and Gateway users.
Applies to: CylancePROTECT Mobile, CylanceGATEWAY (mobile and desktop)
See Manage user groups.
View and analyze the events detected by the CylanceOPTICS agent. Use the detections dashboard to review trends over time, the severity of different detections, and detailed information about each detection. See View and manage detections.
Construct queries to analyze artifact data, discover indicators of compromise, and to determine the prevalence of artifacts on devices. See Using InstaQuery and advanced query to analyze artifact data.
Construct your own queries with EQL syntax for advanced threat-hunting. See Using InstaQuery and advanced query to analyze artifact data.
Request focus data to visualize and analyze the chain of events, and the associated artifacts and facets of those events, that resulted in a piece of malware or other security threats on a device. See View focus data.
Deploy custom or preconfigured packages to collect data from devices for further analysis. For example, you can run a process to collect browser data. See Deploy a package to collect data from devices.
View details and status information for all CylanceOPTICS devices. See View devices that are enabled for CylanceOPTICS.
Retrieve and review remote response logs and download files that CylanceOPTICS has identified as potential threats. See View and download files that CylanceOPTICS has retrieved.
Configure detection rule sets and exceptions, create custom detection rules, and create packages and package playbooks. See Using CylanceOPTICS to detect and respond to events.
View the events detected by the CylanceAVERT agent. Click an event to view details in the event details drawer. See CylanceAVERT events.
View the potentially sensitive files detected by the CylanceAVERT agent. See Using the file inventory to identify sensitive files.
Partially Analyzed Files
View the files that were only partially scored by CylanceAVERT for sensitive information. See Partially analyzed files.
View details and download files that were involved in a data exfiltration event. See Using the Evidence Locker to view files involved in CylanceAVERT events.
CylancePROTECT Desktop and CylanceOPTICS
Also see Enable and configure CylanceOPTICS.
Assign administrator roles to users and create your own roles with custom permissions. Roles and their associated permissions control the features that an administrator can view and modify throughout the console.
See Setting up administrators.
Add files to the global quarantine or safe list to control whether they are blocked or permitted on CylancePROTECT Desktop devices.
See Add a file to the CylancePROTECT Desktop global quarantine or global safe list.
Global List (Mobile)
You can use the safe list to exempt a specific app or developer signing certificate from CylancePROTECT Mobile malware and sideload detection, or an IP address or domain from CylancePROTECT Mobile message scanning. You can use the restricted list to classify a specific app, developer signing certificate, IP address, or domain as a threat as soon as it is detected by these features.
See Add an app, certificate, IP address, or domain to a CylancePROTECT Mobile safe or restricted list.
Detection and Response
Create custom partial lockdown configurations for CylanceOPTICS devices.
See Lock a device.
Download the installers for the CylancePROTECT Desktop and CylanceOPTICS agents.
Manage updates of the CylancePROTECT Desktop and CylanceOPTICS agents.
See Managing updates for the Cylance Endpoint Security agents.
Add a certificate to the certificates safe list to allow the associated software to run without interruption on CylancePROTECT Desktop devices.
See Add a certificate to the CylancePROTECT Desktop global safe list.
Integrate Cylance Endpoint Security with third-party programs using the BlackBerry User API.
See Enable access to the Cylance User API.
Configure the time period before an offline CylancePROTECT Desktop device is considered inactive.
See Configure device lifecycle management.
Add an authenticator so that you can use an identity store like Active Directory or myAccount, or an identity or multi-factor authentication provider like Okta, Ping Identity, or Duo, to specify the types of authentication users must complete to access the management console or to activate the CylancePROTECT Mobile app or the CylanceGATEWAY agent.
See Add an authenticator.
Connect Cylance Endpoint Security to your organization’s directory to onboard users for the CylancePROTECT Mobile and CylanceGATEWAY services.
See Installing the BlackBerry Connectivity Node and Linking to your company directory.
Connect Cylance Endpoint Security to EMM solutions such as Microsoft Intune to enable the reporting of device risk levels to the EMM solution. The device risk level is calculated based on the detection of mobile threats by the CylancePROTECT Mobile app on devices. The EMM solution can execute mitigation actions based on the device risk level.
See Integrating Cylance Endpoint Security with Intune to respond to mobile threats.
Configure settings to customize the features and functionality of CylanceGATEWAY.
See Setting up CylanceGATEWAY.
Configure settings to customize the features and functionality of CylanceAVERT.
See Define sensitive content using information protection settings.
Configure how long activation credentials are valid for the CylancePROTECT Mobile app and the CylanceGATEWAY agent.
See Enrolling CylancePROTECT Mobile and CylanceGATEWAY users.