Trusted Contributor

Can ArcSight support Cylance Protect?

Cylance Protect https://www.cylance.com/products-protect is an endpoint security solution like Symantec Endpoint protection or Sophos AV. It's software that lives on everyone's laptop in the organization. The data is reported to the cloud Cylance solution. Does anyone have any information for getting logs from Cylance Protect into ESM?

0 Likes

Accepted Solutions
Outstanding Contributor

Re: Can ArcSight support Cylance Protect?

Victor,

HPe ArcSight currently does not have a parser for Cylance Protect.

Requirements would be a Syslog Connector that can collect logs from an Internet source, and a RegEx parser for the Syslog container.

Once you have the RegEx you would just need to insert the parser into the Syslog connector's base configuration files.

--- SPOILER ALERT ----

I am hoping to have my Cylance Protect P1 package created by HPe Protect 2016 and posted to the ArcSight Marketplace shortly after.

The P1 package would be enough to start sending parsed events to ArcSight, followed by an L1 and L2 package for the Anti Virus / Monitoring Activate Package shortly after HPe Protect.

0 Likes
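
One way to check a candidate regex against sample lines before it goes into the syslog connector's configuration, as the accepted answer describes (an added example, not code from this thread, Cylance or ArcSight). The sample lines, their key/value layout and the field mapping are constructed assumptions; take the real format from the vendor's documentation.

```python
import re

# Constructed sample lines (not captured from a real tenant). The "Key: value"
# layout is an assumption made for this example.
SAMPLES = [
    "<46>1 2016-09-01T12:00:00Z sysloghost CylancePROTECT - - - "
    "Event Type: Threat, Event Name: threat_found, Device Name: LAPTOP-01, "
    "File Name: sample.exe, Status: Quarantined, Cylance Score: 100",
    "<46>1 2016-09-01T12:05:00Z sysloghost CylancePROTECT - - - "
    "Event Type: Device, Event Name: Registration, Device Name: LAPTOP-02",
    "<46>1 2016-09-01T12:06:00Z sysloghost CylancePROTECT - - - malformed payload",
]

# RFC 5424 style header, then the message body.
HEADER = re.compile(r"^<\d+>1 (?P<ts>\S+) \S+ CylancePROTECT - - - (?P<body>.+)$")
# A key is the text before ': '; a value runs until the next ', Key: ' or end of line.
KEY = r"[A-Z][A-Za-z0-9 ]*?"
PAIR = re.compile(rf"(?P<key>{KEY}): (?P<val>.*?)(?=, {KEY}: |$)")

# Hypothetical mapping from source keys to ArcSight event field names.
FIELD_MAP = {
    "Event Type": "deviceEventCategory",
    "Event Name": "name",
    "Device Name": "deviceHostName",
    "File Name": "fileName",
    "Status": "deviceAction",
    "Cylance Score": "deviceCustomNumber1",
}

def parse_line(line):
    """Return a dict of ArcSight-style fields, or None if the line does not parse."""
    header = HEADER.match(line)
    if not header:
        return None
    pairs = {m["key"]: m["val"] for m in PAIR.finditer(header["body"])}
    if "Event Type" not in pairs or "Event Name" not in pairs:
        return None  # required tokens missing: treat the line as unparsed
    event = {"deviceVendor": "Cylance", "deviceProduct": "PROTECT",
             "deviceReceiptTime": header["ts"]}
    event.update({FIELD_MAP[k]: v for k, v in pairs.items() if k in FIELD_MAP})
    return event

def coverage(lines):
    """Split lines into parsed events and raw lines the regex failed on."""
    results = [(line, parse_line(line)) for line in lines]
    return ([e for _, e in results if e is not None],
            [line for line, e in results if e is None])
```

Lines returned as unparsed are the ones to feed back into the regex before deploying the parser, since a connector would otherwise forward them as unparsed events.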
9 Replies
Frequent Contributor

Re: Can ArcSight support Cylance Protect?

Did you ever get this flex connector on the Marketplace?

0 Likes
Outstanding Contributor

Re: Can ArcSight support Cylance Protect?

All, I wanted to share these out with you. As stated above, these should be posted to the Marketplace by HPe.

0 Likes
Trusted Contributor

Re: Can ArcSight support Cylance Protect?

Thanks for the helpful answer Chris. So right now I'd have to create my own parser for it? Is that what you mean by regex?

0 Likes
Outstanding Contributor

Re: Can ArcSight support Cylance Protect?

That is correct. There are multiple regex tools and it is pretty easy, plus Cylance has examples in their support area.

0 Likes
Trusted Contributor

Re: Can ArcSight support Cylance Protect?

Chris,

Any update on this?

0 Likes
Outstanding Contributor

Re: Can ArcSight support Cylance Protect?

I am currently retooling my parser and trying to capture some new SYSLOG files for testing off the smart connector. Once that is done the parser will be online.

My current deployed agent is 1380, with the latest hotfix that was released.

0 Likes
Absent Member

Re: Can ArcSight support Cylance Protect?

Hi Victor,

There is a FlexConnector that has been developed by the Cylance Professional Services team. Please get in touch with your local Cylance account team for the details.

0 Likes
Acclaimed Contributor

Re: Can ArcSight support Cylance Protect?

Any chance you will publish it on Protect?

0 Likes