Reference Guide

Manage Policies
238
1. Select Unassigned (n).
2. Click Add File.
3. Enter the file's SHA256 hash number. (required)
4. Enter the file's MD5 number, if available.
5. Enter the file name, if available.
6. Enter the reason the file should be safelisted.
7. Click Submit.
Add the selected file to the Global Quarantine list to prevent it from being run on any device in the
organization. Adding a file to Quarantine removes it from lists of Unsafe or Unassigned files.
1. Select Global Quarantine (n).
2. Select a threat.
3. Click Add File
4. Enter a reason that this file should be global quarantined and click Yes.
Manually Add File to the Global Quarantine list
1. Select Global Quarantine (n).
2. Click Add File.
3. Enter the file's SHA256 hash number. (required)
4. Enter the file's MD5 number, if available.
5. Enter the file name, if available.
6. Enter the reason the file should be quarantined.
7. Click Submit.
Manage Enterprise Advanced Threats - Options
The Options tab allows you to integrate with Security Information Event Management (SIEM) software using
the Syslog feature as well as export Advanced Threat data. SIEM software allows administrators to run
customized analytics on threat data within their environments. Software options include Splunk, available to
Splunkbase users at https://splunkbase.splunk.com/app/3233
.
Syslog events are persisted at the same time Agent events are persisted to the Cylance server. For more
information about supported event types, see Syslog Event Types
.
To integrate with SIEM, select Syslog/SIEM on the Options tab, and complete the form that displays. For a
list of syslog server IP addresses to allow, see Syslog IP Addresses
.
With SIEM integration, to export data about threats, select Threat Data Report on the Options tab. For
instructions and a description of exportable data, see Threat Data Report
.
Threat Data Report
Select Threat Data Report on the Options tab to enable threat data export to .csv files.
The following types of data are available for export: