StackStorm integration for Cylance Protect.
This pack uses several configuration values as specified in the configuration schema.
These may be configured via the web interface, the `st2 pack config` utility, or directly by creating the file `/opt/stackstorm/configs/cylance.yaml`.

If the configuration is edited manually, remember to inform StackStorm of changes by running `st2ctl reload --register-configs`.

Multi-tenancy is supported in this pack. For each tenant in the config, the following information is needed:

```yaml
cylance_protect_<tenant_name>:
  app_id: <your_app_id>
  app_secret: <your_app_secret>
  tenant_value: <your_app_tenant_value>
```

- `app_id` - Cylance App Id
- `app_secret` - Cylance Application Secret Key
- `tenant_value` - Cylance Tenant Value

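As an added example (not part of the pack's own code), the following check reads a config in the per-tenant layout described above and reports tenants with missing or placeholder values before the file is registered. It assumes each tenant is a top-level `cylance_protect_<tenant_name>:` key with indented fields; `check_config` and the sample tenants are hypothetical.

```python
import re

REQUIRED = ("app_id", "app_secret", "tenant_value")
TENANT_RE = re.compile(r"^(cylance_protect_\w+):\s*$")
FIELD_RE = re.compile(r"^\s+(\w+):\s*(.*)$")


def check_config(text):
    """Return a list of problems found in a cylance.yaml-style config.

    Assumes the nested per-tenant layout; values are never echoed back,
    so secrets do not end up in logs.
    """
    tenants, current = {}, None
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()          # drop trailing comments
        if not line or line.lstrip().startswith("#") or line == "---":
            continue
        if not line[0].isspace():                    # top-level key
            m = TENANT_RE.match(line)
            current = tenants.setdefault(m.group(1), {}) if m else None
            continue
        m = FIELD_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2).strip("'\"")
    problems = []
    if not tenants:
        problems.append("no cylance_protect_<tenant_name> block found")
    for name, fields in tenants.items():
        for key in REQUIRED:
            value = fields.get(key, "")
            if not value:
                problems.append(f"{name}: {key} is missing or empty")
            elif value.startswith("<") and value.endswith(">"):
                problems.append(f"{name}: {key} still holds a placeholder")
    return problems


# Constructed sample: tenant names and all values are made up.
SAMPLE = """\
cylance_protect_emea:
  app_id: 11111111-aaaa-bbbb-cccc-000000000001
  app_secret: constructed-secret-value
  tenant_value: 22222222-aaaa-bbbb-cccc-000000000002
cylance_protect_apac:
  app_id: <your_app_id>
  tenant_value: 33333333-aaaa-bbbb-cccc-000000000003
"""

if __name__ == "__main__":
    print("\n".join(check_config(SAMPLE)))
```
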
Add the following to the file `/etc/st2/st2.conf`:

```ini
[packs]
enable_common_libs = True
```

| Action | Description |
|---|---|
| cylance_add_hash | Add a hash to Cylance Quarantine |
| cylance_change_policy | Change policy of a specific device |
| cylance_get_device | Get Device Detail from Cylance |
| cylance_get_threat | Get Threat Detail from Cylance |
| cylance_get_threat_url | Get Threat URL from Cylance |
| cylance_get_threat_devices | Get Threat Device Detail from Cylance |
| cylance_remove_hash | Remove a hash from Cylance Quarantine |