Reference Guide
Navigate the Dell Server
102
Only available if the Protocol specified is TCP. TLS/SSL ensures the Syslog message is encrypted in transit
from Advanced Threat Prevention to the Syslog server. Dell encourages customers to select this option.
Ensure that the Syslog server is configured to listen for TLS/SSL messages. To use TLS/SSL, it is necessary to
configure the Syslog server and import certificates. For more information, see
Export Audit Events with
TLS/SSL over TCP.
IP/Domain
Specifies the IP address or fully-qualified domain name of the Syslog server that the customer has setup.
Consult with your internal network experts to ensure firewall and domain settings are properly configured.
Port
Specifies the port number on the devices that the Syslog server listens for messages. It must be a number
between 1 and 65535. Typical values are: 512 for UDP, 1235 or 1468 for TCP, and 6514 for Secured TCP
(example: TCP with TLS/SSL enabled).
Severity
Specifies the severity of the messages that should display in the Syslog server. This is a subjective field, and
it may set to whatever level preferred. The value of severity does not change the messages that are
forwarded to Syslog.
Facility
Specifies what type of application is logging the message. The default is Internal (or Syslog). This is used to
categorize the messages when they are received by the Syslog server.
Testing the Connection
Click Test Connection to test the IP/Domain, Port and Protocol settings. If valid values are entered, after a
couple of moments, a success confirmation displays.
Advanced Threat Prevention Syslog IP Addresses
Syslog server IP addresses to allow, by region:
US (includes my.cylance.com and my-vs2.cylance.com):
52.2.154.63
52.20.244.157
52.71.59.248
52.72.144.44
54.88.241.49
AU (my-au.cylance.com):
52.63.15.218
52.65.4.232
EU (my-vs0-euc1.cylance.com and my-vs1-euc1.cylance.com):
52.28.219.170
52.29.102.181
52.29.213.11
Note: This IP Address should remain static.