Cylance Console Settings/Application page
CylanceConsole Settings/Application page
For Tenant Name, use the text to the right of Company: shown in the
token, look in the Integrations section, check the Threat Data Report checkbox (if it is not already checked), and copy or generate/copy the token.
Note on Token Regeneration
If an administrator deletes or regenerates the Threat Data Report token after you have set the above token, you must update the TDR configuration page with the new token.
Note on Tenant Removal
When a tenant is deleted in the Configure Tenants page, all the data associated with the tenant is permanently removed from the app. This data includes entries in password.conf, indexed data, and files (.csv and .sha) in the local directory for the app. If this tenant were to be added back to the app in the future, then all the Threat Data would be restored (Threat Data Reports include a tenant’s complete history). In a distributed configuration, ensure that the .csv and .sha files (in the local directory for the app) have been deleted before you add the same tenant name back into the app.
In contrast, syslog data would only start accumulating data in the app from the point at which the newly configured tenant’s syslog is enabled in the app.
For your specific download URL value, please refer to New Threat Report which has URLs for threats, devices, events, indicators, and cleared. All you need is the base URL, which is common to each of the URLS (for example, https://protect.cylance.com/Reports/ThreatDataReportV1)
The base URL should not end with a slash (/), and the Chrome web browser seems to work best in the TDR setup screen. The SPLUNK_HOME Environment variable must be set to the