
Configure the syslog data connection over SSL for Windows Splunk

  1. In the Cylance console, click Settings > Application and select the TLS/SSL box.
  2. From the Splunk server command line, generate certificates using the script below.
    mkdir c:\progra~1\Splunk\etc\certs
    C:\progra~1\Splunk\bin\splunk.exe cmd cmd.exe /c c:\progra~1\Splunk\bin\genRootCA.bat -d c:\progra~1\Splunk\etc\certs
    C:\progra~1\Splunk\bin\splunk.exe cmd python c:\progra~1\Splunk\bin\genSignedServerCert.py -d c:\progra~1\Splunk\etc\certs -n splunk -c splunk -p
  3. In the C:\Program Files\Splunk\etc\apps\cylance_protect\local\inputs.conf file, modify the two sections below using the following attributes:
    [tcp-ssl://6514]
    disabled = false
    sourcetype = <syslog_protect>
    index = <cylance_protect>
    source = <YourTenantNameHere>

    [SSL]
    sslPassword = <The password that was used in the genSignedServerCert command above>
    requireClientCert = false
    serverCert = c:\progra~1\Splunk\etc\certs\splunk.pem
  4. Using the script below, restart Splunk and verify the open port.
    c:\progra~1\Splunk\bin\splunk.exe restart
    netstat -an | findstr :6514
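
The netstat check in step 4 only shows that the port is listening. The PowerShell function below is an added example, not part of the original documentation: it completes a TLS handshake against the listener and reports the negotiated protocol and the server certificate. The function name, the localhost target and the TLS 1.2 setting are assumptions.

```powershell
# Added example: confirm that the syslog listener completes a TLS handshake.
# Assumptions: run on the Splunk server; Test-SyslogTlsListener is a
# hypothetical helper name; the client offers TLS 1.2 only.
function Test-SyslogTlsListener {
    param(
        [string]$ComputerName = 'localhost',
        [int]$Port = 6514
    )
    $script:policyErrors = $null
    # Accept any certificate so a privately signed chain can still be inspected;
    # the validation result is recorded instead of enforced.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($s, $certificate, $chain, $errors)
        $script:policyErrors = $errors
        $true
    }
    $client = New-Object System.Net.Sockets.TcpClient
    $stream = $null
    try {
        $client.Connect($ComputerName, $Port)
        $stream = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        # No client certificate is sent, matching requireClientCert = false.
        $stream.AuthenticateAsClient($ComputerName, $null,
            [System.Security.Authentication.SslProtocols]::Tls12, $false)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($stream.RemoteCertificate)
        [pscustomobject]@{
            Protocol     = $stream.SslProtocol
            Subject      = $cert.Subject
            Issuer       = $cert.Issuer
            NotAfter     = $cert.NotAfter
            DaysLeft     = [int]($cert.NotAfter - (Get-Date)).TotalDays
            PolicyErrors = $script:policyErrors
        }
    }
    finally {
        if ($stream) { $stream.Dispose() }
        $client.Close()
    }
}

Test-SyslogTlsListener -ComputerName localhost -Port 6514
```

A PolicyErrors value other than None is expected while the root CA generated in step 2 is absent from the machine's trust store; a handshake exception means the port is open but not serving TLS as configured.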
If you want the CylancePROTECT Application for Splunk to receive threat data reports, see Configure threat data reporting.