Configure threat data reporting

If you cannot consume syslog data, or if you want to have backward compatibility with previous versions of this application, you can configure threat data reports (TDR) to receive daily report data from Cylance Endpoint Security. The CylancePROTECT Application for Splunk can process data from the Devices, Events, Indicators, and Threats reports.
  1. In the CylancePROTECT Application for Splunk, on the menu bar, click Help > ConfigureTDR.
  2. In the Add Tenant section, specify the following:
    • Tenant Name: Enter the name of your company.
    • URL: Enter the invitation URL.
    • Token: Enter the installation token.
    To find the values of the fields, in the Cylance console, click Settings > Application.
  3. Click Add.
    If an administrator deletes or regenerates the token, you must update the ConfigureTDR page with the new token.
  4. Restart Splunk. After you restart Splunk, you will see the threat data reports in your Splunk environment.
In a single-instance Splunk installation or on a heavy forwarder, complete the following steps to enable data inputs:
  1. In Splunk, on the Splunk menu bar, click Settings > Data inputs.
  2. In the Local Inputs section, click scripts.
  3. In the Status column, click Enable for each script.
    To find the values of the fields, in the Cylance console, click Settings > Application.