Impelix IMPACT Integration
with CylancePROTECT
The Impelix IMPACT platform ingests telemetry from your all your security products as well as third-party feeds (threat intelligence, cybersecurity risk, business resilience intelligence, etc.) and delivers event correlation, security control efficacy, and compliance monitoring.
We believe that the more data ingested into IMPACT, the more context you will have regarding security incidents, which will allow effective and efficient incident response and compliance management. Therefore, we encourage and facilitate connecting vendor products telemetry with Impelix IMPACT platform.
CylancePROTECT
Connecting CylancePROTECT
- Log in to the Cylance Console as an administrator. Only administrators can create an application integration.
- Select Settings > Integrations.
- Click Add Application.
- Type an Application Name. This must be unique within your organization.
- Select the access privileges for a Console data type. Not selecting any checkboxes for a data type means the application does not have access to that data type.
- Select “READ” access
- Click Save
- Make note of the Application ID and Application Secret
Impelix IMPACT Configuration
- Go to Admin > SOAR > Cylance Protect > Config
- Click the checkbox for Enable the Cylance Protect Integration
- Paste the Application ID, Application Secret, and Tenant ID
- Click the disk icon (Save)
- Click Jobs and go to Artifacts from Cylance
- Select Triggers, expanding Manual Trigger and Interval Trigger
- Toggle both to State: ENABLED
- The Interval Trigger is set to 2 hours by default, but you can update it to what best suits your organization. (Recommended: 10 minutes)
- Click the disk icon (Save)
- It can take up to 24 hours for “Cylance” to be listed as an Artifact Source under Report > Tool Effectiveness > Artifact Source Types
