Install the Cylance App and view the Dashboard
This page demonstrates how to install the Cylance App, as well as providing examples of each of the dashboards. The App preconfigured searches and Dashboards provide easy-to-access analytic visualizations of your data.
Install the Sumo Logic App
Now that you have set up log collection for Cylance, you can install the Cylance App.
To install the app:
Dashboard filters
Each dashboard has a set of filters that you can apply to the entire dashboard, as shown in the following example. Click the funnel icon in the top dashboard menu bar to display a scrollable list of filters that are applied across the entire dashboard.
Each panel has a set of filters that are applied to the results for that panel only, as shown in the following example. Click the funnel icon in the top panel menu bar to display a list of panel-specific filters.
Cylance - Overview Dashboard
The Cylance - Overview Dashboard a high-level view of threat incidents experienced on your network. The dashboard panels provide at-a-glance graphs with details and analytics on exploit control violation types, zones, threat classifications, devices, threat file types, event types and trends, event outliers, and event time compare trends.
Use this dashboard to:
- Analyze summaries of each prevention component, such as script control, memory exploit protection, device control, application control, AI based threat classification, and user actions performed from Cylance Web Console.
- View of threats in the system, and drill down into specific prevention mechanisms and threat events by clicking in the panel.
Cylance - Threat Dashboard
The Cylance - Threat Dashboard provides a high-level view of the threats experienced on your network. Dashboard panels display graphs and detailed information with the number of events, top event names, status, file types, unique threats, severity, hosts with the most threats, threat origination, classification, and blocked threats.
Use this dashboard to:
- Determine hosts (IP Address, device names) and zones affected by various threats identified and handled in the system.
- Monitor files affected with SHA occurring multiple times, and various paths of the files, to understand the threat footprint.
Cylance - Threat Classification Dashboard
The Cylance - Threat Classification Dashboard provides an insightful view of the types of threats experienced on your network. Dashboard panels are a mixture of graphs and detailed information on events, event names, threat class, subclass trends, safe files, malware files, and an event breakdown.
Use this dashboard to:
- Determine how threats in your organization are analyzed and classified by Cylance Research Team.
- Assess threats by classification: Malware, PUP - Potentially Unwanted Programs, Dual Use, Trusted Local, and Unknown.
- Identify Trusted - Local files and add them to your Safe List in Cylance. For more details on classification and subs-classification see the Cylance documentation.
Cylance - Memory Exploit Attempts Dashboard
The Cylance - Memory Exploit Attempts Dashboard provides a high-level view of threats on your network that attempt to exploit memory. Dashboard panels show detailed information on events, violations, blocked and terminated processes, policies, users, hosts, actions, and event trends by action.
Whenever the agent detects certain hard-coded behaviors considered to be indicative of a compromise, an event is communicated to the service before the hooked API function is allowed to complete. The service then responds with an action for the agent to take, such as:
- Ignore the violation and let it execute
- Alert on the violation, but let it execute
- Block the violation and send an alert
- Terminate the process completely
Use this dashboard to:
- Identify the most common policy violations, processes and highly impacted systems in your environment.
- Monitor when, where, and what actions are taken with the configured policies in your environment.
- Devise any necessary policies changes based on findings.
Cylance - Device Dashboard
The Cylance - Device Dashboard provides insights into the devices on your network that receive in threats. Dashboard panels provide information on unique device names, IP addresses, MAC addresses, users, hosts, operating systems, event names, and event trends.
Use this dashboard to:
- Analyze devices under protection by Cylance agent.
- Monitor new devices being registered, updated, and the policies assigned to them.
- Investigate devices that have been removed from protection.
- Assess whether to push the latest agent version, if any device is found running on old or outdated version.
Cylance - Device Control Dashboard
The Cylance - Device Control Dashboard provides insights into external devices involved in threats on your network. Dashboard panels provide graphs and detailed information on events, hosts, unique external devices, event and action trends, and device control event details.
Use this dashboard to:
- Monitor external devices (like USB mass storage device) connected to your environment.
- Assess which devices to connect to your systems.
- Grant and revoke access rights to specific devices, or agroup of device categories.
- Monitor external devices by their Vendor ID, Product ID, and Serial Number.
- Define exceptions to the policy by vendor ID, as necessary.
Cylance - Script Control Dashboard
The Cylance - Script Control Dashboard provides insights regarding scripts on your network. Dashboard panels provide graphs and detailed information on events, devices, interpreters, users, zones, hosts, files, and event trends.
Use this dashboard to:
- Monitor when, where, and how scripts are used in the environment. This ultimately reduces the attack surface on which an evildoer may distribute malware.
- Monitor and protect against scripts running in the environment.
- Monitor the interpreter version on your systems and decide to push latest version, when the system is running an out-dated version.
- Detect the script and script path before the script is executed.
- Monitor which scripts are getting blocked or executed with notification alerts.
- Change alert settings to block mode and only allow scripts to run out of specified folders, as necessary.
Cylance - AuditLog Dashboard
The Cylance - AuditLog Dashboard has easy to access information about audit logs for your network. Dashboard panels provide high-level graphs and detailed information showing the number of events, event names and trends, users and user geographic locations, source IPs, and a list of recent events.
Use this dashboard to:
- Monitor user activity performed from Cylance Web Console.
- Monitor users overriding, updating policies manually using Cylance Web Console.