- Overview
- Requirements: CylanceON-PREM
- Configuring the CylanceON-PREM virtual appliance
- Configuring the console
- Setting up the CylancePROTECT agent
- Device management
- Threat management
- Global lists
- Administration
- Managing users
- Managing roles
- Update profile information
- Audit logs
- Managing Certificates
- Setting up email notifications
- Settings
- Upgrade CylanceON-PREM
- Reboot the virtual appliance
- Configure session timeout
- Update CylanceON-PREM SSL certificate version 1.3.1 and later
- Update CylanceON-PREM SSL certificate version 1.2.2.1 and earlier
- Change the certificate cipher mode
- Enable maintenance mode
- Change network settings
- Check an IP address
- Change the log level
- Download logs
- Configure syslog/SIEM settings
- Update database connection settings
- Configure active directory
- Configure identity provider settings
- Using certificate-based authentication
- Add a banner to the login screen
- Applications
- CylanceON-PREM API
- Troubleshooting
- Agent not communicating with CylanceON-PREM
- Web browser reports insecure webpage
- Unable to connect to external database
- Configure static IP using the OVF tool
- Remote server 404 error in log files
- Log in with a local administrator account
- Online Certificate Status Protocol issues
- A user is not receiving email notifications
- Before you contact support
- BlackBerry Docs
- CylanceON-PREM
- Cylance ONPREM Administration Guide
- Threat management
- Manage threat events
Manage threat events
You can manage threats found on devices in your organization on the Threat Events page.
- In the console, on the menu bar, clickEvents > Threat Events. Optionally, you can also click the Threat Events widget on the Dashboard.
- Do any of the following:TaskStepsView removed threats.Click<number> Removed Threatsabove the right side of the list to view the total number of threat events automatically removed by the agent. If your policy hasAuto Delete Quarantineenabled for a specified number of days in Threat Settings, files automatically quarantined by the Agent will be deleted after a specified number of days and will be removed from the Threat Events page. This button allows you to view all removed threats that were automatically deleted by the Agent since the beginning of time.Add a threat to the Global Quarantine list.
- Select one or more events from the list.
- ClickGlobally Quarantine. These events are automatically quarantined on all devices in your organization. The event status is also set toAcknowledged.
Add a threat to the Global Safelist.- Select one or more events from the list.
- ClickGlobally Safelist. These events are allowed on all devices in your organization. The event status is also set toAcknowledged.
Acknowledge a threat.- Select one or more events from the list.
- Click Acknowledge. This changes the event status fromNotoAcknowledged. This means that a user has manually acknowledged an event and lowers the threat in the list, allowing you to focus on events that require more attention. By default, the events list displays events that have not been acknowledged first.
To filter entries in this list to find information faster, click 
.
.To export the entries in this list to be used in other applications, click 
.
.