Set up the CylancePROTECT Desktop Application for Splunk Skip Navigation
  1. BlackBerry Docs
  2. Cylance products
  3. Protect Application for Splunk
  4. Configure adaptive response
  5. Set up the CylancePROTECT Desktop Application for Splunk

Set up the
CylancePROTECT Desktop
 Application for
Splunk

Setup in
Splunk
 requires command-line access due to the need to edit the api.py configuration file.
  1. On the desired search head, edit the api.py configuration file found here:
    $SPLUNK_HOME/etc/apps/cylance_protect/bin/api.py
  2. Line 9-12 must be populated with the
    Cylance
     console information (obtained in the
    Cylance
     Console Setup steps).
  3. In the
    CylancePROTECT Desktop
     Application for
    Splunk
    , select
    Tools > API Connector
    .
  4. Select a Function using the drop-down menu. Example: Add to Global Blacklist.
  5. Enter the file hash as the Parameter.
  6. Click
    Submit
    . Check the Result information to see the HTTP responses from the
    Cylance
     console.
    If API calls fail after editing the api.py configuration file, the
    *.pyc
     files may need to be deleted in the following directory:
    $SPLUNK_HOME/etc/apps/cylance_protect/bin/