Skip Navigation
DOCS HOME
UNIFIED ENDPOINT SECURITY
BlackBerry UES
BlackBerry Guard
BlackBerry Syslog
BlackBerry User API
ENDPOINT MANAGEMENT
BlackBerry Connectivity
BlackBerry Enterprise Mobility Server
BlackBerry UEM
BlackBerry UEM Client
BlackBerry UEM Cloud
BlackBerry UEM Enroll
Protect Mobile UEM
Persona Mobile UEM
SDK: BlackBerry UEM Integration
SDK: BlackBerry Web Services for BlackBerry UEM
BLACKBERRY DYNAMICS
BlackBerry Access
BlackBerry Analytics
BlackBerry Bridge
BlackBerry Connect
BlackBerry Edit
BlackBerry Notes
BlackBerry Tasks
BlackBerry Work
SDK: BlackBerry Dynamics
SDK: BlackBerry Dynamics Launcher SDK
Security and Architecture
MORE PRODUCTS
Identity, Communication, and Collaboration
BlackBerry 2FA
BBM Enterprise
BlackBerry Enterprise ID
BlackBerry Org Connect
BlackBerry Workspaces
Development Tools
BlackBerry AppSecure SDK
BlackBerry Dynamics Launcher SDK
BlackBerry Dynamics SDK
BlackBerry Spark Communication Services
BlackBerry UEM Integration SDK
BlackBerry Web Services for BlackBerry UEM
BlackBerry Workspaces SDK
Critical Event Management
BlackBerry Alert
BlackBerry AtHoc
Cylance products
CylanceHYBRID
CylanceON-PREM
Cylance Multi-Tenant Console
CylanceGUARD
CylanceV
Cylance Application for QRadar
Cylance Application for Splunk
×
Protect Application for Splunk
1.6
Administrator Guide
Get the PDF
Introduction
Index, Eventtypes, and Sourcetypes
Dashboards
System requirements
Installation
Installing using Splunk Web
Installing Manually
Configure the index
Data sources
Configure Syslog
Architecture
Splunk settings
BlackBerry tenant settings
Verify configuration of Syslog
Configure threat data report
BlackBerry Console Settings/Application page
Enable threat data report
Configure adaptive response
Functionality and usage
HTTP responses
Set up the BlackBerry Console
Set up the CylancePROTECT Application for Splunk
Restrict access to the API connector
Removing the CylancePROTECT Application for Splunk
Remove application only and leave data intact
Remove application and data
Disable application
Data source types
Troubleshooting
Troubleshoot Syslog consumption
Troubleshoot threat data report (TDR) consumption
Log examination
Support
Request guidelines
Appendix: configure Syslog over SSL in Splunk
Linux Splunk 6.5.0 and newer
Generate certs
Modify configuration files
Restart Splunk and verify open port
Linux Splunk versions prior to 6.5.0
Generate certs
Modify configuration files
Restart Splunk and verify open port
Windows Splunk 6.5.0 and newer
Generate certs
Restart Splunk and verify open port
BlackBerry Docs
Cylance products
Protect Application for Splunk
Removing the CylancePROTECT Application for Splunk
Remove application and data
Remove application and data
Index names below will most likely be protect or cylance_protect.
Linux
Remove data: .
/splunk remove index <Your Index Name>
Remove app:
./splunk remove app [appname]
Windows
Remove data:
splunk remove index <Your Index Name>
Remove app:
splunk remove app [appname]
If you reinstall the application, the previously indexed data is available again.
Section:
Removing the CylancePROTECT Application for Splunk