Configure threat data reporting
If you cannot consume syslog data, or if you want to have backward compatibility with previous versions of this application, you can configure threat data reports (TDR) to receive daily report data from Cylance Endpoint Security. The CylancePROTECT Application for Splunk can process data from the Devices, Events, Indicators, and Threats reports.
- In the CylancePROTECT Application for Splunk, on the menu bar, click Help > Configure TDR.
- In the Add Tenant section, specify the following:
  - Tenant Name: Enter the name of your company.
  - URL: Enter the invitation URL.
  - Token: Enter the installation token.
  To find the values of the fields, in the Cylance console, click Settings > Application.
- Click Add. If an administrator deletes or regenerates the token, you must update the Configure TDR page with the new token.
- Restart Splunk. After you restart Splunk, you will see the threat data reports in your Splunk environment.
In a single-instance Splunk installation or on a heavy forwarder, complete the following steps to enable data inputs:
- In Splunk, on the Splunk menu bar, click Settings > Data inputs.
- In the Local Inputs section, click scripts.
- In the Status column, click Enable for each script.