Skip Navigation

Enable threat data report

After you restart
Splunk
, the
CylancePROTECT
Application for
Splunk
will now appear in your
Splunk
instance.
In a single-instance
Splunk
installation or on a Heavy Forwarder, you will need to enable inputs, which are disabled by default:
  1. In the
    Splunk
    menu, click
    Settings > Data inputs
    .
  2. In the Data section, in Local inputs, click
    Section > Scripts
    .
  3. For each of the scripts (devices, events, indicators, and threats), in the Status column, click the Enable link.
    When you click on the Enable link,
    Splunk
    will invoke the associated script, and thereafter
    Splunk
    will repeatedly invoke the script according to the interval setting for that script, which is 24 hours by default.