Verify configuration of Syslog
You can now perform a basic test to verify that CylancePROTECT Desktop is forwarding syslog messages to the
- In the Splunk Search bar, with the time set to the Real-time one-minute Window, run the following query: eventtype=cylance_index sourcetype=syslog
- In the console, go to Settings > Application
- Under Syslog/SIEM, in the Integrations section, click the Test Connection button. You should see a green popup with a message: Connection was successful
- In Splunk, below the search bar in the results part of the page, an event should appear which contains the text: CylancePROTECT---Test Connection Message
All of the provided syslog dashboards should begin populating as events occur.
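The same check can be scripted against raw syslog received by a collector, for cases where the Splunk search is not yet available. The following is an added example, not code from BlackBerry or the Splunk app: it parses constructed RFC 3164-style lines (the real CylancePROTECT message layout may differ) and reports whether the Test Connection marker arrived within the one-minute window the search above uses.

```python
import re
from datetime import datetime, timedelta

# Marker text the console emits when "Test Connection" is clicked (from the page).
TEST_MARKER = "CylancePROTECT---Test Connection Message"

# Constructed sample lines in a generic RFC 3164 layout; assumption, not the
# documented CylancePROTECT format. Only the marker text is taken from the page.
SAMPLE_SYSLOG = """\
<14>Mar  3 10:14:02 cylance-console CylancePROTECT: Event Type: Device, Event Name: Device Registered
<14>Mar  3 10:15:31 cylance-console CylancePROTECT: CylancePROTECT---Test Connection Message
<14>Mar  3 10:15:55 cylance-console CylancePROTECT: Event Type: Threat, Event Name: threat_found
"""

# <PRI>Mmm dd HH:MM:SS host message  (RFC 3164 timestamps carry no year)
LINE_RE = re.compile(
    r"^<(?P<pri>\d+)>(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<msg>.*)$"
)


def parse_line(line, year):
    """Parse one syslog line; returns None for lines that do not match the layout."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "msg": m["msg"]}


def find_test_messages(text, now_iso, year, window_seconds=60):
    """Return events carrying the marker whose timestamp lies in [now - window, now]."""
    now = datetime.fromisoformat(now_iso)
    lo = now - timedelta(seconds=window_seconds)
    hits = []
    for raw in text.splitlines():
        ev = parse_line(raw, year)
        if ev and TEST_MARKER in ev["msg"] and lo <= ev["ts"] <= now:
            hits.append(ev)
    return hits


def verify_forwarding(text, now_iso, year):
    """True when at least one Test Connection message arrived in the last minute."""
    return len(find_test_messages(text, now_iso, year)) > 0


if __name__ == "__main__":
    print("forwarding ok:", verify_forwarding(SAMPLE_SYSLOG, "2024-03-03T10:16:00", 2024))
```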
In addition, by adhering to the Common Information Model, the CylancePROTECT Desktop Application for Splunk provides the console syslog data ready for integration with other Splunk apps such as the Splunk for Enterprise Security app.