Set up the CylancePROTECT Desktop Application for Splunk

Setup in Splunk requires command-line access because the api.py configuration file must be edited.

  1. On the desired search head, edit the api.py configuration file found here:
     $SPLUNK_HOME/etc/apps/cylance_protect/bin/api.py
  2. Lines 9-12 must be populated with the Cylance console information (obtained in the Cylance Console Setup steps).
  3. In the CylancePROTECT Desktop Application for Splunk, select Tools > API Connector.
  4. Select a Function using the drop-down menu. Example: Add to Global Blacklist.
  5. Enter the file hash as the Parameter.
  6. Click Submit. Check the Result information to see the HTTP responses from the Cylance console.
     If API calls fail after editing the api.py configuration file, the *.pyc files may need to be deleted in the following directory:
     $SPLUNK_HOME/etc/apps/cylance_protect/bin/
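A preflight helper for the steps above, added here as an example and not part of the BlackBerry documentation or the app itself: it checks that lines 9-12 of api.py are populated, removes stale *.pyc files that can shadow the edited script, and confirms a Parameter value is a well-formed hash before it is submitted. It assumes SPLUNK_HOME is set (defaulting to /opt/splunk), that lines 9-12 are simple `name = "value"` assignments, and that the expected hash is a SHA-256.

```shell
#!/bin/sh
# Added example, not code from the CylancePROTECT app. Assumptions: SPLUNK_HOME is
# set or defaults to /opt/splunk, and lines 9-12 of api.py are `name = "value"` lines.
SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunk}"
APP_BIN="$SPLUNK_HOME/etc/apps/cylance_protect/bin"

# Returns 0 only when every one of lines 9-12 carries a non-empty quoted value
# that is not an angle-bracket placeholder such as "<your tenant id>".
check_api_config() {
  file="${1:-$APP_BIN/api.py}"
  [ -r "$file" ] || return 1
  sed -n '9,12p' "$file" | awk -F'"' '
    { if ($2 == "" || $2 ~ /^</) missing++ }
    END { exit (missing > 0 ? 1 : 0) }'
}

# Byte-compiled copies of the old api.py can be loaded instead of the edited
# source; remove them from the app bin directory (step 6 troubleshooting note).
clear_pyc() {
  dir="${1:-$APP_BIN}"
  find "$dir" -maxdepth 1 -name '*.pyc' -type f -exec rm -f {} +
}

# Assumed hash format for the Parameter field: SHA-256, i.e. 64 hex characters.
is_sha256() {
  printf '%s' "$1" | grep -Eq '^[0-9a-fA-F]{64}$'
}

# Usage: check_api_config && clear_pyc && echo "api.py populated; stale .pyc removed"
```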