Skip to content
Find out how we support MDR.

Blackberry CylanceOPTICS

API

Beta integrations are provided " AS IS " and free of charge during the beta phase. All use of beta integrations is at your sole discretion, and any use is subject to Sophos End User Terms of Use.

You can integrate CylanceOPTICS with Sophos Central so that it sends data to Sophos for analysis.

This integration is API-based.

The key steps are as follows:

  • Get details of your CylanceOPTICS service.
  • Generate an application secret in CylanceOPTICS.
  • Configure an integration in Sophos Central.

Get details of CylanceOPTICS service

You'll need the following details:

  • The base URL for your service. The URL depends on the region where you use CylanceOPTICS. Choose from:

    • Europe Central: https://protectapi-euc1.cylance.com/
    • Asia-Pacific: North https://protectapi-apne1.cylance.com/
    • Asia-Pacific: Southeast https://protectapi-au.cylance.com/
    • North America https://protectapi.cylance.com/
    • South America https://protectapi-sae1.cylance.com/
    • US Government https://protectapi.us.cylance.com/
  • Your CylanceOPTICS tenant ID.

  • Your CylanceOPTICS application ID.
  • An application secret that you generate in the CylanceOPTICS console.

Generate an application secret

To generate an application secret do as follows:

  1. Sign in to the CylanceOPTICS management console as an administrator.
  2. Click Settings > Integrations.
  3. Find your Tenant ID and copy it to use later.
  4. Click Add Application.
  5. Enter an application name. This must be unique within your organization.
  6. Select the access privileges for Detection.
  7. Click Save.

    You're shown an application ID and application secret.

  8. Copy these to use later in Sophos Central.

    You can view the application ID and secret in the CylanceOPTICS integrations page at any time.

Configure an integration

To integrate CylanceOPTICS with Sophos Central, do as follows:

  1. In Sophos Central, go to Threat Analysis Center > Integrations > Marketplace.
  2. Click Blackberry CylanceOPTICS.

    The Blackberry CylanceOPTICS page opens. You can configure integrations here and see a list of any you've already configured.

  3. In Data Ingest (Security Alerts), click Add Configuration.

    Note

    If this is the first integration you've added, we'll ask for details about your internal domains and IPs. See My domains and IPs.

  4. In Integration steps, you configure an API to collect data from CylanceOPTICS.

    1. Enter a name and a description for the integration.
    2. Enter the Base URL for your region.
    3. Enter the following information you found in the CylanceOPTICS console.

      • Tenant ID
      • Application ID
      • Application secret
  5. Select a request type.

  6. Click Save.

We create the integration and it appears in your list. If its status icon is a green tick, your data should appear in the Sophos Data Lake after validation.

More information