Cylance Console Overview

A walkthrough of every section of the management console

This guide gives an overview of the different sections of the Cylance console and links to the Cylance Endpoint Security docs for more information.

The management console dashboards offer helpful visualizations and statistical summaries of the data collected and analyzed by different Cylance Endpoint Security services.

See Using dashboards.

You can use the screens available in this section to review and respond to threats detected by CylancePROTECT Desktop and CylancePROTECT Mobile.

You can use zones to group and manage CylancePROTECT Desktop, CylanceOPTICS, and CylancePERSONA devices. Zones are the most efficient way to manage the application of device policies to groups of devices.

See Setting up zones.

Use the Assets screens to view and manage the devices and users that are actively using Cylance Endpoint Security services and features.

See Managing users, devices, and groups.

Use this section of the console to review and explore the forensic data collected from CylanceOPTICS devices and to take action in response to threats.

See Analyzing data collected by CylanceOPTICS and Using CylanceOPTICS to detect and respond to events.

Use the CylancePERSONA screen to view and manage the alerts that have been detected by the CylancePERSONA agent on desktop devices.

See Managing user risk with CylancePERSONA Desktop.

Use the CylanceGATEWAY screen to monitor the events detected by the CylanceGATEWAY agent on desktop devices and the CylancePROTECT Mobile app on mobile devices. Events are reported only if work mode is enabled.

See Monitoring network connections with CylanceGATEWAY.

Use this screen to generate and review reports about CylancePROTECT Desktop devices and threats.

See Using CylancePROTECT Desktop reports.

Use this section of the management console to configure and assign policies that define the behavior of Cylance Endpoint Security features and services.

Use this section of the management console to configure various settings to customize Cylance Endpoint Security services and features to meet your organization’s needs.

The landing screen of the Cylance console.

See the Cylance Endpoint Security docs for complete product information and help resources, including:

  • Release Notes: Fixed and known issues and information about what’s new for each Cylance Endpoint Security service.
  • Overview and Architecture Guide: A comprehensive overview of services and features, including architecture diagrams and select data flows.
  • Setup: Instructions for setting up your Cylance Endpoint Security environment and services.
  • Administration: Instructions for the day-to-day management of services and features.
  • User Guides: Instructions for end users of the CylancePROTECT Mobile app and desktop agents.

A dashboard screen in the Cylance console.

Screens to manage CylancePROTECT Desktop

Screens to manage CylancePROTECT Mobile

The Zones screen in the Cylance console.

You can also use zones to easily manage updates of the CylancePROTECT, CylanceOPTICS, and CylancePERSONA agents on devices.

See Manage updates for the UES desktop agents.

Devices

Applies to: CylancePROTECT Desktop, CylanceOPTICS

  • Download agent installers
  • View device details
  • Assign device policies
  • Add devices to zones
  • Remove devices
  • Device lifecycle management

See Manage CylancePROTECT Desktop and CylanceOPTICS devices.

Mobile Devices

Applies to: CylancePROTECT Mobile, CylanceGATEWAY (mobile only)

  • View alerts
  • View a device’s current risk level
  • View compliance details

See Manage devices with the CylancePROTECT Mobile app.

Persona Users

Applies to: CylancePERSONA Desktop

  • View user information and details
  • View alerts
  • Pause risk scoring
  • Reset a user’s trust score

See Manage CylancePERSONA Desktop users.

Users

Applies to: CylancePROTECT Mobile, CylanceGATEWAY (mobile and desktop)

  • View alerts and events
  • View device details
  • Manage group membership
  • Assign user policies
  • Send activation emails for the CylancePROTECT Mobile app

See Manage CylancePROTECT Mobile and Gateway users.

User Groups

Applies to: CylancePROTECT Mobile, CylanceGATEWAY (mobile and desktop)

  • Manage group membership
  • Assign user policies to groups

See Manage user groups.

Detections

View and analyze the events detected by the CylanceOPTICS agent. Use the detections dashboard to review trends over time, the severity of different detections, and detailed information about each detection. See View and manage detections.

InstaQuery

Construct queries to analyze artifact data, discover indicators of compromise, and determine the prevalence of artifacts on devices. See Using InstaQuery and advanced query to analyze artifact data.

Advanced Query

Construct your own queries with EQL syntax for advanced threat-hunting. See Using InstaQuery and advanced query to analyze artifact data.

Focus Data

Request focus data to visualize and analyze the chain of events, and the associated artifacts and facets of those events, that resulted in a piece of malware or another security threat on a device. See View focus data.

Packages

Deploy custom or preconfigured packages to collect data from devices for further analysis. For example, you can run a process to collect browser data. See Deploy a package to collect data from devices.

Devices

View details and status information for all CylanceOPTICS devices. See View devices that are enabled for CylanceOPTICS.

Action History

Retrieve and review remote response logs and download files that CylanceOPTICS has identified as potential threats. See View and download files that CylanceOPTICS has retrieved.

Configurations

Configure detection rule sets and exceptions, create custom detection rules, and create packages and package playbooks. See Using CylanceOPTICS to detect and respond to events.

The CylancePERSONA events screen in the Cylance console.
The CylanceGATEWAY events screen in the Cylance console.
The CylancePROTECT Desktop reports screen in the Cylance console.

Application

  • View, delete, or regenerate the installation token for the CylancePROTECT Desktop agent.
  • View, disable, or generate an invitation URL for CylancePROTECT Desktop users.
  • Configure whether users must provide a password to remove the CylancePROTECT Desktop agent.
  • Configure Cylance Endpoint Security to send events for different services and features to a SIEM solution or syslog server. See Send events to a SIEM solution or syslog server.
  • Configure custom authentication for the management console. See Custom authentication.

Administrators

Assign administrator roles to users and create your own roles with custom permissions. Roles and their associated permissions control the features that an administrator can view and modify throughout the console.

See Setting up administrators.

Global List

Add files to the global quarantine or safe list to control whether they are blocked or permitted on CylancePROTECT Desktop devices.

See Add a file to the CylancePROTECT Desktop global quarantine or global safe list.

Global List (Mobile)

You can use the safe list to exempt a specific app or developer signing certificate from CylancePROTECT Mobile malware and sideload detection, or an IP address or domain from CylancePROTECT Mobile message scanning. You can use the restricted list to classify a specific app, developer signing certificate, IP address, or domain as a threat as soon as it is detected by these features.

See Add an app, certificate, IP address, or domain to a CylancePROTECT Mobile safe or restricted list.

Detection and Response

Create custom partial lockdown configurations for CylanceOPTICS devices.

See Lock a device.

Deployments

Download the installers for the CylancePROTECT Desktop, CylanceOPTICS, and CylancePERSONA agents. 

Update

Manage updates of the CylancePROTECT Desktop, CylanceOPTICS, and CylancePERSONA Desktop agents.

See Manage updates for the Cylance Endpoint Security agents.

Certificates

Add a certificate to the certificates safe list to allow the associated software to run without interruption on CylancePROTECT Desktop devices.

See Add a certificate to the CylancePROTECT Desktop global safe list.

Integrations

Integrate Cylance Endpoint Security with third-party programs using the BlackBerry User API.

See Enable access to the BlackBerry user API.

Device Lifecycle

Configure the time period before an offline CylancePROTECT Desktop device is considered inactive.

See Device lifecycle management.

Authentication

Add an authenticator so that you can use an identity store like Active Directory or myAccount, or an identity or multi-factor authentication provider like Okta, Ping Identity, or Duo, to specify the types of authentication users must complete to access the management console or to activate the CylancePROTECT Mobile app or the CylanceGATEWAY agent.

See Add an authenticator.

Directory Connections

Connect Cylance Endpoint Security to your organization’s directory to onboard users for the CylancePROTECT Mobile and CylanceGATEWAY services.

See Installing the BlackBerry Connectivity Node and Linking to your company directory.

Connectors

Connect Cylance Endpoint Security to EMM solutions such as Microsoft Intune to enable the reporting of device risk levels to the EMM solution. The device risk level is calculated based on the detection of mobile threats by the CylancePROTECT Mobile app on devices. The EMM solution can execute mitigation actions based on the device risk level.

See Integrating Cylance Endpoint Security with Intune to respond to mobile threats.

Network

Configure settings to customize the features and functionality of CylanceGATEWAY.

See Setting up CylanceGATEWAY.

Activation

Configure how long activation credentials are valid for the CylancePROTECT Mobile app and the CylanceGATEWAY agent.

See Enrolling CylancePROTECT Mobile and CylanceGATEWAY users.