Setting up a Cylance Integration

Cylance is an Artificial Intelligence Based Advanced Threat Prevention Solution for enterprise environments. Privilege Manager (v10.5+) integrates with Cylance to help you proactively act on any unknown applications that run in your environment to prevent potential malware attacks. The steps below walk through how to setup a Cylance Integration in Privilege Manager and then create an example policy to begin using Cylance intelligence in action across your environment.

Keep in mind that while the Cylance integration provides insight into threat analysis, ultimately you can use Privilege Manager policies to act or react in whatever way makes most sense to your organization.

Cylance Connector Installation Steps (On-prem only)

  1. Open a browser on your Privilege Manager Web Server, browse to https://[YourInstanceName]/TMS/Setup/.

  2. On the Currently Installed Products screen, choose Install/Upgrade Products.

  3. Select the Thycotic Cylance Reputation Connector option.

  4. Click Install and accept the End User License Agreement. You will see your Installation Progress. Click on “Show install Logs” link to check for any errors

    If the installation of Cylance initially fails, redirect to https://[YourInstanceName]/TMS/Setup/ and click the Repair button next to the Cylance Product.

  5. Once the Installation is successful, click Home.

Configuring the Cylance Connector

  1. Navigate to Admin | Configuration and select the Reputation tab.

  2. From the Select Rating Provider drop-down, select Cylance Rating Provider.

    Cylance set-up

  3. Enter the required Credentials and Settings details. These details can be found in your Cylance account (login at protect.cylance.com).

    1. In our Cylance account, navigate to Settings and select Integrations. You find the Tenant Id on the right side of the Custom Applications area.

      protect.cylance.com

    2. Select your Privilege Manager integration from the Custom Application list. You find the required Application ID and Application Secret on the left side of the page.

      Custom App

  4. Once the Cylance details are entered in Privilege Manger, click Save Changes.

Create a Cylance Security Rating Filter

  1. Navigate to Admin | Filters.

  2. Click Create Filter.

  3. From the Platform drop-down select either Windows or macOS.

  4. From the Filter Type drop-down select Security Rating Filter.

  5. Name the policy and add a Description.

  6. From the Security Rating System drop-down, select Cylance Rating System.

    creating filter

  7. Click Create.

    add rating

  8. Click Create.

  9. Select the Rating Level you wish to apply. You can also specify a Timeout value and Error Handling conditions on timeout and/or on failure, the options are:

    • Matched
    • Not Matched

  10. Click Save Changes.

Create a Cylance Policy

Use the Application Policies wizard to create a policy that uses the Cylance Security Rating filter created in the steps above.