Enable threat data report
After you restart
Splunk
, the CylancePROTECT Desktop
Application for Splunk
will now appear in your Splunk
instance.In a single-instance
Splunk
installation or on a Heavy Forwarder, you will need to enable inputs, which are disabled by default:- In theSplunkmenu, clickSettings > Data inputs.
- In the Data section, in Local inputs, clickSection > Scripts.
- For each of the scripts (devices, events, indicators, and threats), in the Status column, click the Enable link.When you click on the Enable link,Splunkwill invoke the associated script, and thereafterSplunkwill repeatedly invoke the script according to the interval setting for that script, which is 24 hours by default.