Enable threat data report Skip Navigation
  1. BlackBerry Docs
  2. Cylance products
  3. Protect Application for Splunk
  4. Configure threat data report
  5. Enable threat data report

Enable threat data report

After you restart
Splunk
, the
CylancePROTECT Desktop
 Application for
Splunk
 will now appear in your
Splunk
 instance.
In a single-instance
Splunk
 installation or on a Heavy Forwarder, you will need to enable inputs, which are disabled by default:
  1. In the
    Splunk
     menu, click
    Settings > Data inputs
    .
  2. In the Data section, in Local inputs, click
    Section > Scripts
    .
  3. For each of the scripts (devices, events, indicators, and threats), in the Status column, click the Enable link.
    When you click on the Enable link,
    Splunk
     will invoke the associated script, and thereafter
    Splunk
     will repeatedly invoke the script according to the interval setting for that script, which is 24 hours by default.