This article describes the required procedure to integrate Cylance Endpoint Security with Lumu for automated response procedures. This is one of our featured Out-of-the-Box Response Integrations.
1. On the left sidebar, click on the Gearbox icon to open the Settings panel. Then, click on Integrations.2. You will see a panel displaying different configuration options. In the upper right corner, you will find your Tenant ID.Please save the Tenant ID as it will be required later for setting up the integration.3. Once you’ve saved the Tenant ID, click the green Add Application button to continue with the setup.4. Enter a name for your application in the Application Name field. In the privileges section, select the permissions shown in the image below. These are all in the Global Lists row.
Read Write DeleteThese permissions will allow the application to manage indicators from Global Lists.5. Once you've set the privileges, click on the gray Save button at the bottom of the screen.6. As soon as you create the application, a window will open where you will see the Application ID and Application Secret. Copy both the Application ID and Application Secret, you will need these to set up the integration.The Application Secret may only be visible once. If you lose it, you will need to repeat this process from the beginning.
1. In the Lumu Portal, head to the panel on the left and open the Integrations drop-down menu. Then,click on Apps. Click on the Response tab on the right to filter the available integrations accordingly.2. Locate the Cylance Endpoint Security integration. The list is organized in alphabetical order from A to Z. Click on the Add button.3. On the window that opens, familiarize yourself with the integration details as well as best use cases and requirements. Next, click the orange Activate button to start the integration setup process.4. A popup will appear asking you to fill in Name and Threat Types. Make sure the name of the integration is meaningful and descriptive, and then choose the Threat Types you want the integration to push to Cylance Endpoint Security. When done, click on the orange Next button.5. Another window will open. Choose the Service Endpoint that matches your server from the dropdown list, as collected in the Service Endpoint step in the Preliminary Setup section.Then, enter the Tenant ID, Application ID, and Application Secret obtained in the Tenant ID, Application ID, and Application Secret step in the Preliminary Setup section, and click the orange Save button.Lumu will verify the accuracy of the credentials provided.6. The integration is now created and active. The Lumu Portal will display the details of the created integration:
1. Head to the left sidebar and click on the Gear icon to open the Settings panel. Then, click on the Global List option.2. There you will see the hashes uploaded by Lumu.