Installation

BlackBerry provides both an application and a technology add-on (TA). If the Splunk environment is an all-in-one, only the application needs to be installed since it contains both the visual and the data ingest components. If the Splunk environment is distributed, then the application should be installed on the search heads and the TA should be installed on the indexers and forwarders.
If the once-per-day Threat Data Report data source is desired, the full app is required on at least one Heavy Forwarder because it uses inputs.
Application Download:
If this is the first time you are installing the app in this Splunk instance, then follow the steps below. In most cases, an application upgrade will work. However, if you run into issues upgrading the CylancePROTECT Desktop Application for Splunk, then follow the uninstall steps (outlined in the Uninstallation section) before installing the latest version of the app.
After you have downloaded CylancePROTECT Desktop Application for Splunk via Splunkbase, the installation of this app follows the normal app install procedure of either manually unpacking the package (.tar.gz) or using Splunk Web Manage Apps.
If you run Splunk in a distributed setup, you must install the CylancePROTECT Desktop Application for Splunk on a single Heavy Forwarder in addition to the search heads. The search heads should only have the Splunk Web enabled (GUI visible) and do not require the inputs because the Heavy Forwarder should have the inputs enabled.
Tip for Splunk Version / Installation:
  • Not all Splunk versions interact with the app the same way. Using different browsers may help increase setup and navigation compatibility. For example, use Chrome for configuring TDR and use Firefox to view menus:
    • http://<IP>:<PORT>/en-US/app/cylance_protect/ConfigureTDR