Skip to main content
Sumo Logic

Install the Cylance App and view the Dashboard

  1. Last updated
  2. Save as PDF

Install the Sumo Logic App

Now that you have set up collection for Cylance, install the Sumo Logic App for Cylance to use the preconfigured searches and Dashboards to analyze your data.

To install the app:

Locate and install the app you need from the App Catalog. If you want to see a preview of the dashboards included with the app before installing, click Preview Dashboards.

  1. From the App Catalog, search for and select the app. 
  2. To install the app, click Add to Library and complete the following fields.
    1. App Name. You can retain the existing name, or enter a name of your choice for the app.

    2. Data Source. Select either of these options for the data source.

      • Choose Source Category, and select a source category from the list.

      • Choose Enter a Custom Data Filter, and enter a custom source category beginning with an underscore. Example: (_sourceCategory=MyCategory).

    3. Advanced. Select the Location in Library (the default is the Personal folder in the library), or click New Folder to add a new folder.
    4. Click Add to Library.

Once an app is installed, it will appear in your Personal folder, or other folder that you specified. From here, you can share it with your organization. See Welcome to the New Library for information on working with the library in the new UI.

Panels will start to fill automatically. It's important to note that each panel slowly fills with data matching the time range query and received since the panel was created. Results won't immediately be available, but with a bit of time, you'll see full graphs and maps. 

Dashboards

Cylance - Overview

The Cylance Overview Dashboard includes filters that you can use in Interactive Mode for visibility into your Cylance system.

Cylance_Overview_Dashboard.png

Total Threats. Displays the total number of distinct threat events in a single value chart for the last 15 minutes.  

By Event Type. Shows the percentage of events by type in a pie chart for the last 15 minutes.

By Status. Provides details on threats by status level in a pie chart, including states such as Unsafe, Cleared, Abnormal, and Quarantined for the last 15 minutes.

By Detection Method. Displays the detection methods used to expose the threat in a pie chart for the last 15 minutes.

Devices with the Most Events. Shows a list of devices with the most threat events in a table chart, including the device name and the count for the last 15 minutes.

Devices with High Risk Scores. Provides information on devices with the highest threat total score ranked in a table chart, including device name and total score, for the last 15 minutes.

FileNames with the Most Events. Displays file names with the most number of reported threat events in a table chart, including file name and count for the last 15 minutes.

Score by Occurrence. Shows the number of occurrences of a score, ranging from 1 to 99, in a table chart, including the score and the number of devices, for the last 15 minutes.