Skip Navigation
  1. BlackBerry Docs
  2. Cylance products
  3. CylancePROTECT Application for Splunk Administration Guide
  4. Installing and configuring the CylancePROTECT Application for Splunk
  5. Configure threat data reporting

Configure threat data reporting

If you cannot consume syslog data, or if you want to have backward compatibility with previous versions of this application, you can configure threat data reports (TDR) to receive daily report data from
Cylance Endpoint Security
. The
CylancePROTECT
 Application for
Splunk
can process data from the Devices, Events, Indicators, and Threats reports.
  1. In the
    CylancePROTECT
     Application for
    Splunk
    , on the menu bar, click
    Help
     >
    ConfigureTDR
    .
  2. In the
    Add Tenant
     section, specify the following:
    • Tenant Name
      : Enter the name of your company.
    • URL
      : Enter the invitation URL.
    • Token
      : Enter the installation token.
    To find the values of the fields, in the
    Cylance
     console, click
    Settings
     >
    Application
    .
  3. Click
    Add
    .
    If an administrator deletes or regenerate the token, you must update the ConfigureTDR page with the new token.
  4. Restart
    Splunk
    . After you restart
    Splunk
    , you will see the threat data reports in your
    Splunk
     environment.
In a single-instance
Splunk
 installation or on a heavy forwarder, complete the following steps to enable data inputs:
  1. In
    Splunk
    , on the
    Splunk
     menu bar, click
    Settings
     >
    Data inputs
    .
  2. In the
    Local Inputs
     section, click
    scripts
    .
  3. In the
    Status
     column, click
    Enable
     for each script.
    To find the values of the fields, in the
    Cylance
     console, click
    Settings
     >
    Application
    .