Skip to main content
Sign in

Creating workflows for CylancePROTECT users

  • April 17, 2024 08:18
  • Updated

Let Oomnitza be your single source of truth!

You'll get visibility of your users as data from CylancePROTECT is automatically transformed into consumable information and actionable insights.

Connect Oomnitza and CylancePROTECT in minutes

You'll get visibility of your CylancePROTECT users by creating configurable workflows to automate tasks such as:

    • Onboarding and offboarding users
    • Retrieving SaaS user roles
    • Getting a user's last login activity, enabling you to identify accounts that are underutilized or that can be canceled

Contents

  1. Before you start
  2. Creating workflows
  3. Create user workflows
    1. CylancePROTECT
    2. CylancePROTECT Create User
    3. CylancePROTECT Delete User
    4. CylancePROTECT Get User Details
    5. CylancePROTECT Update User
    6. CylancePROTECT Send Invite Email
    7. CylancePROTECT Send Reset Password Email
    8. CylancePERSONA
    9. CylancePERSONA Get User Details
  4. Creating SaaS user workflows

Before you start

Before you can create the integration with Oomnitza, you need to have added your CylancePROTECT credentials to Oomnitza and set your CylancePROTECT Endpoint Subdomain as a global variable. For further information, refer to Adding your CylancePROTECT credentials to Oomnitza.

We recommend that you also create the extended integration for CylancePROTECT users.  You can use the information retrieved in these integrations to trigger workflows that can get user information.

Creating workflows

Create user workflows

To create a user workflow, you must complete these steps:  

  1. Click Configuration > Workflows 
  2. Click Add (+) and select People from the list.
  3. Drag and drop the API block onto the Sandbox.
  4. Click Edit on the API block and enter Cylance in the search field. 
  5. Select a preset:
  6. To choose a preset, click the forward arrow (>).
  7. Select the credentials that you created in Adding your CylancePROTECT credentials to Oomnitza.
  8. Your Subdomain should be derived from the global variable you created in Adding the CylancePROTECT API Subdomain as a global variable.
  9. Configure the API Block following the preset instructions below, and save your changes.
  10. Edit the Begin Block and add rules to trigger the workflow. For example, if you set the Actions to Schedule and add a rule so that the Email Equals <EmployeeEmail> you can trigger a workflow to fetch a user matching a certain name on a specific date. Refer to Using the Begin block. 
  11. Connect the Blocks. 
  12. Save, validate, and activate your workflow.

CylancePROTECT

Using the Create User preset

The Create User preset creates a new console user. When you select this preset you need to supply the information detailed in the below table.

Field Name Value
User Role This is the user's role in the console.
• User: 00000000-0000-0000-0000-000000000001
• Administrator: 00000000-0000-0000-0000-000000000002
• Read-Only: 00000000-0000-0000-0000-000000000003
Zone ID  Unique identifier for the zone 
Role Type

User's role for this particular zone.

• None: 00000000-0000-0000-0000-000000000000
• Zone Manager: 00000000-0000-0000-0000-000000000001
• User: 00000000-0000-0000-0000-000000000002

Note
If the user is an Administrator, the Zone ID and Role Type are not required.
To create a zone manager, set the User Role to User and assign the Zone Manager Role Type.
Setting the user_role to Read-Only and specifying a Zone ID and Role Type will result in a bad request error.

You can configure the message payload by selecting Advanced Mode.

In the API block window, click the Advanced Mode button located in the upper right of the window.

Select the Body tab. Ensure that the message body contains information similar to the request example below.

{
     "email": "testuser@email.com",
     "user_role": "00000000-0000-0000-0000-000000000001",
     "first_name": "Test",
     "last_name": "User",
     "zones": 
[
    {
    "id": "d27ff5c4-5c0d-4f56-a00d-a1fb297e440e",
    "role_type": "00000000-0000-0000-0000-000000000002"
    }
 ]
}

 

Select the Response tab. You can map the entire response by placing {{response}} in the Response field and mapping it to a custom long text Oomnitza field, such as API Response. Once you have the entire response, you can then parse the JSON response values to custom Oomnitza fields as per the example below.

api_response.PNG

Using the Delete User preset

The Delete User preset deletes an existing console user, by User ID. You can configure the message payload by selecting Advanced Mode.

  1. In the API block window, click the Advanced Mode button located in the upper right of the window.
  2. Select the Information tab. You will notice that the CylancePROTECT User ID is referenced in the property {{cylance_user_id}}.Follow the mapping steps in Creating custom mappings so that this property exists in Oomnitza and is populated with information before you run this workflow.
  3. Select the Response tab. You can map the message response as per the example in the Create User preset.

Using the Get User Details preset

The Get User Details preset gets a user's details, by User ID. You can configure the message payload by selecting Advanced Mode similar to the Delete User preset.

Using the Update User preset

The Update User preset updates an existing console user. When you select this preset you need to supply the new user details, including the User Role, Zone ID, and Role Type. Refer to the Create User preset for further information.

You can configure the message payload by selecting Advanced Mode.

  1. In the API block window, click the Advanced Mode button located in the upper right of the window.
  2. Select the Information tab. You will notice that the CylancePROTECT User ID is referenced in the property {{cylance_user_id}}.Follow the mapping steps in Creating custom mappings so that this property exists in Oomnitza and is populated with information before you run this workflow.
  3. Select the Response tab. You can map the message response as per the example in the Create User preset.

Using the Send Invite Email preset

The Send Invite Email preset sends a console login invitation to a user who has not logged into the console yet. 

You can configure the message payload by selecting Advanced Mode.

  1. In the API block window, click the Advanced Mode button located in the upper right of the window.
  2. Select the Information tab. You will notice that the CylancePROTECT User Email is referenced in the property {{email}}.The User Email must already exist in the CylancePROTECT console. You can create a CylanceProtect user using the Create User preset.
  3. Select the Response tab. You can map the message response as per the example in the Create User preset.

Using the Send Reset Password Email preset

The Send Reset Password Email preset sends a reset password email to a user. You can configure the message payload by selecting Advanced Mode similar to the Send Invite Email preset.

CylancePERSONA

Using the Get User Details preset

The Get User Details preset gets the details of a specific CylancePERSONA Desktop user, including the devices that the user has logged into. When you select this preset you need to go to Advanced Mode>Information and ensure that the property {{cylance_persona_desktop_user_id}} exists in Oomnitza and is populated with information before you trigger a workflow. You can map the message response as per the example in the Create User preset.

articles_icon.svg Reference articles for workflows

Creating SaaS user workflows

You can create a Saas User workflow in Oomnitza using the CylancePROTECT User Role preset.  This preset supplies you with the Role and Last Login Date of your SaaS users.

Prerequisites

Before you create a SaaS user workflow, you should have already run your extended user integration and selected User plus SaaS User to populate the software entry in the Software > SaaS menu.

To create a Saas User workflow using the CylancePROTECT User Role preset, complete the following steps:

  1. Click Configuration > Workflows 
  2. Click Add (+) and select Software SaaS Users from the list.
  3. Enter the name and a description of the workflow. 
  4. Edit the Begin block by adding the rules that will trigger the workflow. For further information see SaaS User Roles.
  5. Click the Blocks tab, and drag and drop the SaaS User Role retrieval block onto the canvas.
  6. Click the Edit icon.
  7. Enter CylancePROTECT in the search field and choose the CylancePROTECT User Role preset.
  8. Click the right arrow >.
  9. Enter your Credentials.
  10. Your Subdomain should be derived from the global variable you created in Adding the CylancePROTECT API Subdomain as a global variable.
  11. Select the Deactivate User checkbox to deactivate the SaaS user in SaaS > CylancePROTECT > Users if they are not found in your CylancePROTECT instance.
  12. Click SAVE.
  13. Connect the blocks.
  14. Save, validate, and activate your workflow.

To view active CylancePROTECT users in the SaaS Users UI, complete the following steps:

  1. Click Software from the menu.
  2. Select the SaaS tab, and select your software entry for CylancePROTECT.
  3. Click Users in the side pane.
  4. The Role and Last activity column will be populated with the user details to confirm that this user has been found in your CylancePROTECT SaaS. 

Reference articles for creating workflows

CylancePROTECT API Documentation

Related articles

Comments

0 comments

Please sign in to leave a comment.