Cylance Endpoint Security Out-of-the-Box Response Integration

This article describes the required procedure to integrate Cylance Endpoint Security with Lumu for automated response procedures. This is one of our featured Out-of-the-Box Response Integrations.

Requirements

Below you will find the technical requirements to use the Cylance Endpoint Security OOTB Response Integration.
  • Cylance Endpoint Security
    • A CylanceENDPOINT Standard subscription or above is required (formerly CylancePROTECT)
  • A Lumu subscription

Preliminary Setup - Cylance Dashboard

In order to set up the integration, you will need to prepare Cylance Endpoint to communicate with the Lumu integration. To do this, you will need to have the following information on hand:
  • Service Endpoint
  • Tenant ID
  • Application ID
  • Application Secret
In the following steps, you will find how to obtain all four of these requirements.

Service Endpoint

The service endpoint address contains a region code to identify the set of servers to which your organization belongs, with North America and the US Government servers having different formats. You can find this address as the URL for your Cylance Dashboard, as underlined in the image below. Keep it on hand; it will be needed in a later step.

Tenant ID, Application ID, and Application Secret

1. On the left sidebar, click on the Gearbox icon to open the Settings panel. Then, click on Integrations.

2. You will see a panel displaying different configuration options. In the upper right corner, you will find your Tenant ID.
Notes
Please save the Tenant ID as it will be required later for setting up the integration.
3. Once you’ve saved the Tenant ID, click the green Add Application button to continue with the setup.

4. Enter a name for your application in the Application Name field. In the privileges section, select the permissions shown in the image below. These are all in the Global Lists row.
  • Read
  • Write
  • Delete
These permissions will allow the application to manage indicators from Global Lists.

5. Once you've set the privileges, click on the gray Save button at the bottom of the screen.

6. As soon as you create the application, a window will open where you will see the Application ID and Application Secret. Copy both the Application ID and Application Secret; you will need these to set up the integration.
Warning
The Application Secret may only be visible once. If you lose it, you will need to repeat this process from the beginning.
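The following sketch shows how the values collected above fit together when a client authenticates to Cylance. It is an added example, not Lumu's or Cylance's own code. It assumes the JWT token request of the Cylance User API (an HS256 token signed with the Application Secret and posted to /auth/v2/token), which this article does not describe; the API base URL and the credential values are placeholders, and nothing is sent over the network.

```python
import base64
import hashlib
import hmac
import json
import time
import uuid

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def build_auth_request(api_base, tenant_id, app_id, app_secret, now=None, ttl=300):
    """Return the URL and JSON body of the token request (nothing is sent)."""
    fields = {"Tenant ID": tenant_id, "Application ID": app_id,
              "Application Secret": app_secret}
    for label, value in fields.items():
        # Values copied from the console often carry stray whitespace.
        if not value or value != value.strip():
            raise ValueError(f"{label} is empty or has stray whitespace")
    if not api_base.startswith("https://"):
        raise ValueError("API base URL must use https")
    if not 0 < ttl <= 1800:  # assumed upper bound on token lifetime
        raise ValueError("token lifetime must be 1-1800 seconds")
    now = int(time.time() if now is None else now)
    # The Application ID is the subject, the Tenant ID scopes the token.
    claims = {"exp": now + ttl, "iat": now, "iss": "http://cylance.com",
              "sub": app_id, "tid": tenant_id, "jti": str(uuid.uuid4())}
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims))
    # The Application Secret never travels; it only keys the signature.
    sig = hmac.new(app_secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return {"url": api_base.rstrip("/") + "/auth/v2/token",
            "json": {"auth_token": f"{signing_input}.{_b64url(sig)}"}}

def decode_claims(token):
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def signature_ok(token, app_secret):
    signing_input, _, sig = token.rpartition(".")
    expected = hmac.new(app_secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return hmac.compare_digest(_b64url(expected), sig)

if __name__ == "__main__":
    # Placeholder values, constructed for this example.
    req = build_auth_request("https://api.example.invalid", "TENANT-ID-PLACEHOLDER",
                             "APP-ID-PLACEHOLDER", "APP-SECRET-PLACEHOLDER")
    print(req["url"], decode_claims(req["json"]["auth_token"]))
```

Because the secret keys every token, anyone holding it can act with the application's Global Lists privileges, so store it in a secrets manager rather than in notes or tickets.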

Integration Setup - Lumu Portal

This section of the article describes the steps that must be completed on the Lumu Portal to properly set up the Cylance Endpoint Security Response Integration. To start, log into your Lumu account through the Lumu Portal.
Notes
Integrations are also available for Lumu MSP accounts. To access them, log into the Lumu MSP Portal.
1. In the Lumu Portal, head to the panel on the left and open the Integrations drop-down menu. Then, click on Apps. Click on the Response tab on the right to filter the available integrations accordingly.

2. Locate the Cylance Endpoint Security integration. The list is organized in alphabetical order from A to Z. Click on the Add button.

3. On the window that opens, familiarize yourself with the integration details as well as best use cases and requirements. Next, click the orange Activate button to start the integration setup process.

4. A popup will appear asking you to fill in Name and Threat Types. Make sure the name of the integration is meaningful and descriptive, and then choose the Threat Types you want the integration to push to Cylance Endpoint Security. When done, click on the orange Next button.

5. Another window will open. Choose the Service Endpoint that matches your server from the dropdown list, as collected in the Service Endpoint step in the Preliminary Setup section.

Then, enter the Tenant ID, Application ID, and Application Secret obtained in the Tenant ID, Application ID, and Application Secret step in the Preliminary Setup section, and click the orange Save button.

Lumu will verify the accuracy of the credentials provided.

6. The integration is now created and active. The Lumu Portal will display the details of the created integration:

After the integration is activated, the Global List will be updated with confirmed compromises detected by Lumu within the past 3 days.

Final Steps - Validate the Integration on the Cylance Dashboard

1. Head to the left sidebar and click on the Gear icon to open the Settings panel. Then, click on the Global List option.

2. There you will see the hashes uploaded by Lumu.

Now you can be certain that the integration is up and running.