Verify configuration of Syslog

You can now perform a basic test to verify that

BlackBerry Protect Desktop

is forwarding syslog messages to the

Splunk

app:

In the

Splunk

Search bar, with the time set to the Real-time one-minute Window, run the following query:

eventtype=cylance_index sourcetype=syslog

In the

BlackBerry

Console, go to

Settings > Application

Under Syslog/SIEM, in the Integrations section, click the

Test Connection

button. You should see a green popup with a message: Connection was successful

Splunk

, below the search bar in the results part of the page, an event should appear which contains the text:

CylancePROTECT---Test Connection Message

All of the provided syslog dashboards should begin populating as events occur.

In addition, by adhering to the Common Information Model, the

CylancePROTECT

Application for

Splunk

provides

BlackBerry

Console syslog data that is ready for integration with other

Splunk

apps such as the

Splunk

for Enterprise Security app.