- Overview
- CylanceON-PREM architecture
- Steps to get started with CylanceON-PREM
- Requirements: CylanceON-PREM
- Configuring the CylanceON-PREM virtual appliance
- Migrating to the most recent version of CylanceON-PREM
- Configuring the CylanceON-PREM console
- Log in to CylanceON-PREM
- Administrative dashboard
- Filter lists
- Export lists
- CylanceON-PREM policies
- Setting up the CylancePROTECT agent
- Adding the CA certificate to endpoints
- Installing the CylancePROTECT Desktop agent for Windows
- Installing the CylancePROTECT Desktop agent for macOS
- Installing the CylancePROTECT Desktop agent for Linux
- Manually update the Linux driver
- Upgrading the CylancePROTECT Desktop agents
- Using virtual machines
- Manage devices in CylanceON-PREM
- Threat management in CylanceON-PREM
- CylanceON-PREM Global lists
- CylanceON-PREM Administration
- Managing CylanceON-PREM users
- Managing roles
- Update profile information
- CylanceON-PREM audit logs
- Managing Certificates
- Setting up email notifications for CylanceON-PREM
- CylanceON-PREM Settings
- Upgrade CylanceON-PREM
- Reboot the virtual appliance
- Configure session timeout
- Update CylanceON-PREM SSL certificate version 1.3.1 and later
- Update CylanceON-PREM SSL certificate version 1.2.2.1 and earlier
- Change the certificate cipher mode
- Enable maintenance mode
- Change network settings
- Check an IP address
- Change the log level
- Download logs
- Configure syslog/SIEM settings
- Update database connection settings
- Configure active directory
- Configure identity provider settings
- Using certificate-based authentication
- Add a banner to the login screen
- Applications
- CylanceON-PREM API
- Troubleshooting
- Agent not communicating with CylanceON-PREM
- Web browser reports insecure webpage
- Unable to connect to external database
- Configure static IP using the OVF tool
- Remote server 404 error in log files
- Log in with a local administrator account
- Online Certificate Status Protocol issues
- A user is not receiving email notifications
- Before you contact support
- BlackBerry Docs
- CylanceON-PREM
- Cylance ONPREM Administration Guide
- CylanceON-PREM Administration
- CylanceON-PREM Settings
- Configure syslog/SIEM settings
Configure syslog/SIEM settings
Administrators can figure
CylanceON-PREM
version 1.1.0 or higher to forward events from their CylanceON-PREM
virtual appliance to a syslog server. The context of each event is Unicode plain text consisting of key-value pairs, separated by commas. Due to a size limitation of most Syslog servers, the details of each message (Cylance
-specific payload) is limited to 2048 characters.The Threat Classifications event type is not available for
CylanceON-PREM
because the virtual appliance does not communicate with the CylancePROTECT Desktop
console.- In the console, on the menu bar, clickConfiguration > Settings.
- Click
beside Syslog/SIEM. This expands the Syslog settings. - Click the Syslog/SIEM toggle to enable the feature. Use this toggle to enable or disable the feature without losing any settings.
- Configure the Syslog settings. For more information on syslog settings, see theCylanceSyslog Guide.With TLS/SSL enabled, administrators can add an SSL certificate instead of pasting in the certificate information. The certificate can be added after configuring Syslog settings. Make sure you save any changes to this section before navigating to the Certificates page (Configuration > Certificates) to ensure your changes are not lost. WithVerify Peer Modedisabled, the SSL certificate is not required. The connection is encrypted, butCylanceON-PREMwill not validate the peer certificate.UDP does not support notifications when the Syslog server shuts down.
- Click
.
To upload an SSL certificate, go to the
Configuration > Certificates
page and add the certificate. See Add a certificate for more information.To remove a Syslog server shut down notification, re-enable Syslog. If you no longer want to use Syslog, re-enable Syslog and then disable Syslog.