Articles in this section

See more

SkyFormation for CylanceProtect Connector Overview

Avatar
Shira Ben-dor
  • Updated
Follow

If you're having trouble at any stage please contact us at support@skyformation.com

Preface

CylancePROTECT is an integrated threat prevention solution that combines the power of artificial intelligence (AI) to block malware infections with additional security controls that safeguard against script-based, fileless, memory, and external devicebased attacks. Unlike traditional endpoint security products that rely on signatures and behavior analysis to detect threats in the environment, CylancePROTECT Uses AI, not signatures, to identify and block known and unknown malware from running on endpoints, delivers prevention against common and unknown (zero-day) threats without a cloud connection and continuously protects the endpoint without disrupting the end-user.

 For more information about CylanceProtect, please visit:

https://www.cylance.com/en-us/platform/products/index.html

The main challenges and needs are to:

  • Get all alerts and events from CylanceProtect
  • Enrich the alerts information with endpoint information
  • The granular alerts and events should be available at the organization’s central log or event management system for compliance, investigation or forensic needs.
  • Detect security threats and policy violations

What is it

SkyFormation for CylanceProtect Cloud Connector, is part of the SkyFormation Collect (c) module.
It continuously retrieves events and alerts from the different sources in the CylanceProtect cloud account, unifies the events into a common application events format, enriches the events with needed detection context and send the events to any existing SIEM/SOC system. 

How it works

SkyFormation for CylanceProtect Cloud Connector retrieves the events from the CylanceProtect service through its APIs. Before sending the events to the existing SIEM/SOC system the connector will

  • Unify the events into the SkyFormation unified application events format
  • Embed the origin event into the SkyFormation event as a blob
  • Parse the origin event into a set of dedicated key-value fields
  • Enrich the event with detection context (e.g. endpoint information)
  • Encode the resulted event into the target SIEM/SOC system standard format (e.g. CEF)
  • Send the event to the existing SIEM/SOC system over syslog

 

Connector's API/Audit Sources & Events Supported

Audit Source (API) Service/Module Covered Events Included
threats   Threats detection alerts and information
devices   Used to enrich threats detected alerts with the device specific information

 

How to on-board CylanceProtect cloud Connector to SkyFormation app

Adding SkyFormation for CylanceProtect cloud connector

 

Related articles

Comments

0 comments

Please sign in to leave a comment.