Creating an extended integration for CylancePROTECT assets

Let Oomnitza be your single source of truth!

The CylancePROTECT Asset Load returns a list of devices with Cylance applications installed. 

You'll get complete visibility of your assets information as data from CylancePROTECT is automatically transformed into consumable information and actionable insights. 

Connect Oomnitza and CylancePROTECT in minutes

Get the information and insights that you need to reduce costs and the time that you spend on administration tasks such as:

• Configurable dashboards and list views of key asset information
• Configurable reports to share information about assets and software with your colleagues and management such as corporate-wide reports that detail the distribution and status of the assets in your environment

Navigation

Creating the integration

Creating custom mappings

Before you start

Before you can create the integration with Oomnitza, you need to have added your CylancePROTECT credentials to Oomnitza and set your CylancePROTECT Endpoint Subdomain as a global variable. For further information, refer to Adding your CylancePROTECT credentials to Oomnitza.

Creating the asset integration

1. In Oomnitza, click Configuration> Integrations> Overview.
2. Click Block view
3. Scroll down to the Extended section for asset integrations.
4. Click NEW INTEGRATION.
5. Select the integration in the sidebar.
6. Click ADD.

Integration details overview

More information is provided about the following fields to help you complete the integration:

Installation type

Select Cloud if you want to store credentials in the Oomnitza cloud.

Select Local if you want to store credentials locally. Local extended integrations do not support AWS and OAuth authentication. If you want to sync Oomnitza with vendor applications that require AWS or OAUTH authentication, select Cloud.

Integration preferences

By default, the option Create & Update option is selected. Select this option  when you want to edit records and add new records. If you want to edit records and not add new records, select Update Only. If you only want to add new records, select Create Only.

Integration details

To review or update the integrations details, click Edit .

1. Update the integration name if necessary. 
2. Select an installation type.
3. For integration preferences, select an option.
4. Enter the name of the integration user.

Credential details

If you selected Cloud as the installation type, choose one of the following options:

• Select the credentials that were created for the integration.
• Edit the credentials that were created for the integration.
• Create new credentials

Schedule

By default, data is streamed to Oomnitza once every day.

You can configure the schedule to meet your needs such as changing the interval or changing the time so that the data is streamed when your system isn't busy.

1. Click the Edit .
2. Configure your schedule.
3. Click Update.

Mappings

To map the fields to Oomnitza, click Edit .

You can define rules for your integration by selecting Edit integration on the mapping page. For example, you may only want to run the integration if a certain contact or region exists. See Filtering integration results.  
You can add new fields to your integration by selecting Add new field   on the mapping page. All you need to do is specify the property name. See Creating custom API fields. 

Creating custom mappings

Map CylancePROTECT fields to Oomnitza fields to get the asset information that you need. For the field mapping, it is recommended to follow these steps:

1. Click Smart Mapping.
2. Create a custom mapping for the Cylance Device ID field. To do this, complete these steps:
   1. Click the down arrow on the Cylance Device ID field.
   2. Select Add new Oomnitza assets field.
   3. Change the name of the new field to Cylance Device ID. 
   4. Click CREATE. 
3. Create another custom mapping for the MAC Address following the steps above. Change the name of the new field to Cylance Device MAC Address
4. Map and assign a sync key to a unique field.
5. Click UPDATE.

Tracking information for asset loads 

When the integration is run, you can track the name of the credentials that were used and the source of the data. To do this, you map the following fields to Oomnitza:   

• Connect: Credentials
• Connect: Domain

Custom mappings

Agent Version
Asset Type
Background Detection?
Connector Sync Time
Created
Cylance Device ID
DLCM Status
Days To Deletion
Device Carrier
Device Name
Distinguished Name (LDAP)
Hostname
IP Address
Last Logged In User
Last Modified
MAC Address
Model
OS Description
OS Kernel Version
OS Version
Offline Date
Policy
Quarantined Threat Count
Safe Status
Safe?
State
Unresolved Threat Count
Update Available?
Update Type

Launching the integration

Your integration is in Draft mode until the required mandatory fields are added. When added, click Launch to activate your integration. 

If you selected Cloud as the installation type when creating the integration, see Running an extended integration

If you selected Local as the installation type when creating the integration, see Running an extended integration locally.

Viewing data ingested by Oomnitza

Viewing ingested asset data

For asset integrations, click Hardware. If the asset integration also ingests software data, click Software.

Viewing ingested user data

For user integrations, click People. If you chose the option to ingest User and SaaS user data, click Software > SaaS, click the SaaS app, and then click the Users tab. 

Related Links

Unleash the power of Oomnitza

To get valuable actionable insights that help you manage your assets, learn how to:

• Configure dashboards for your users and software
• Configure custom reports about your users and software
• Create workflows to automate tasks

See Getting started for more information.