Set up the CylancePROTECT Application for Splunk
CylancePROTECT
Application for Splunk
Setup in
Splunk
requires command-line access due to the need to edit the api.py configuration file.- On the desired search head, edit the api.py configuration file found here:$SPLUNK_HOME/etc/apps/cylance_protect/bin/api.py
- Line 9-12 must be populated with theBlackBerryConsole information (obtained in theBlackBerryConsole Setup steps).
- In theCylancePROTECTApplication forSplunk, selectTools > API Connector.
- Select a Function using the drop-down menu. Example: Add to Global Blacklist.
- Enter the file hash as the Parameter.
- ClickSubmit. Check the Result information to see the HTTP responses from theBlackBerryConsole.If API calls fail after editing the api.py configuration file, the*.pycfiles may need to be deleted in the following directory:$SPLUNK_HOME/etc/apps/cylance_protect/bin/