Collect logs using connectors

You can allow CylanceMDR to collect logs from various sources by providing the necessary information to the CylanceMDR onboarding team to configure it in your tenant.
The following table lists some example log sources that can use connectors. For more information, contact the CylanceMDR onboarding team.
Log source
Required information
HIBUN
Provide the following information (obtained from Hitachi Solutions) to the CylanceMDR team:
  • Customer Code
  • Username
  • Password
The password should not contain non-ASCII special characters.
Microsoft Active Directory
Provide the following information to the CylanceMDR team:
  • The Active Directory domain to be monitored
  • The fully qualified domain name (FQDN) or IP address for an Active Directory Server configured as a Domain Controller
  • The protocol type (LDAP, LDAPS, or LDAPS with certificate validation disabled)
  • Active Directory username and password with appropriate permissions
  • If you want to collect Active Directory logs from the Modular Sensor, you need to add the Active Directory server domain and domain controller to the same DNS where the Modular Sensor is installed.
For Collect only configurations, the username and password must be those of a standard Active Directory user who is a member of the domain to be monitored. The password should not include non-ASCII special characters.
For Respond configurations (if you also want to allow CylanceMDR to respond to a detected threat by disabling an Active Directory user account), do the following:
  1. Launch Active Directory Users and Computers with administrative credentials.
  2. Right-click on the Organizational Unit with the user account for which you want to enable the respond action authority, and select Delegate Control.
  3. Select the user or group to which you want to delegate the authority, then click Next.
  4. Select Create Custom Task to Delegate and click Next.
  5. In the Delegation of Control Wizard, select the Only the following objects in the folder radio button.
  6. Select User objects and click Next.
  7. In the Show these permissions section, select only the Property-specific option. Deselect the General and Creation/Deletion of specific child objects options.
  8. In the specific permissions section, select the checkboxes for Read userAccountControl and Write userAccountControl.
  9. Click Next.
  10. Click Finish.
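To confirm that the delegation created in steps 1 to 10 grants only Read and Write userAccountControl on user objects, a check such as the following can be run after the wizard finishes. This is an added example, not code from BlackBerry or Microsoft; the OU distinguished name and the account name are placeholders, and it assumes the RSAT ActiveDirectory PowerShell module is installed.

```powershell
# Added example: audit the ACEs that the Delegation of Control Wizard wrote on the OU.
Import-Module ActiveDirectory
Add-Type -AssemblyName System.DirectoryServices

$OuDn     = 'OU=Staff,DC=example,DC=com'   # placeholder: OU delegated in step 2
$Delegate = 'EXAMPLE\svc-mdr-respond'      # placeholder: user or group chosen in step 3

# schemaIDGUID values of the userAccountControl attribute and the user class
$UacGuid  = [guid]'bf967a68-0de6-11d0-a285-00aa003049e2'
$UserGuid = [guid]'bf967aba-0de6-11d0-a285-00aa003049e2'

# The only rights the procedure grants: read and write of a single property
$Allowed = [int][System.DirectoryServices.ActiveDirectoryRights]'ReadProperty, WriteProperty'

# Explicit (non-inherited) ACEs on the OU that name the delegated principal
$aces = @((Get-Acl -Path "AD:\$OuDn").Access | Where-Object {
    $_.IdentityReference.Value -eq $Delegate -and -not $_.IsInherited
})

$report = foreach ($ace in $aces) {
    # Any right bit outside ReadProperty/WriteProperty is excess privilege
    $extra = [int]$ace.ActiveDirectoryRights -band (-bnot $Allowed)
    [pscustomobject]@{
        Type        = $ace.AccessControlType
        Rights      = $ace.ActiveDirectoryRights
        Property    = $ace.ObjectType
        AppliesTo   = $ace.InheritedObjectType
        Inheritance = $ace.InheritanceType
        # Conforms only if it is an Allow ACE scoped to userAccountControl
        # on user objects, with no other right bits set.
        Conforms    = ($ace.AccessControlType -eq 'Allow') -and
                      ($extra -eq 0) -and
                      ($ace.ObjectType -eq $UacGuid) -and
                      ($ace.InheritedObjectType -eq $UserGuid)
    }
}

if (-not $report) {
    Write-Warning "No explicit ACE for $Delegate on $OuDn; the delegation is missing."
} else {
    $report | Format-Table -AutoSize
    $bad = @($report | Where-Object { -not $_.Conforms })
    if ($bad.Count) { Write-Warning "$($bad.Count) ACE(s) grant more than the procedure specifies." }
}
```

An ACE reported with Conforms set to False, for example one carrying GenericAll or an empty Property GUID, means the account can change more than the account-disable flag and the delegation should be redone.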
Microsoft Azure Active Directory / Entra ID
Provide the following information to the CylanceMDR team:
  • Application (client) ID
  • Directory (tenant) ID
  • Secret Key (password)
To obtain this information for configuring CylanceMDR, you need to:
  • In the Azure AD portal, register the CylanceMDR application.
  • In the AD manifest, set allowPublicClient to "true".
  • Create a new client secret (password) for CylanceMDR.
  • Set the API permissions (application permissions) for Microsoft Graph and specify the logs that you want to collect. A super admin must grant admin consent.
For more information, see the Microsoft documentation.
Microsoft Azure Event Hub
Event Hub Name: The name of the Event Hub
Connection String: Find the connection string in Azure. You must use a unique connection string for each instance.
Consumer Group: The consumer group for the Event Hub
Event Source: The source of the events you want to collect from Event Hub. You must configure log sources to send data to the Event Hub.
  • AzureActivityLog
  • AzureBastion
  • AzureFirewall
  • AzureKeyVault
  • AzureSecurityCenter
  • AzureSecurityGroups
  • AzureSQLServer (includes AuditEvent log)
  • AzureStorage
  • AzureSynapseWorkspace
  • AzureWebApplicationFirewall