Skip to content
Find out how we support MDR.

Blackberry CylanceOPTICS

API

This feature might not be available for all customers yet.

Identifies potential unknown malware, fileless attacks, and zero-day payload execution.

This integration is API-based.

The key steps are as follows:

  • Get details of your CylanceOPTICS service.
  • Generate an application secret in CylanceOPTICS.
  • Add an integration in Sophos Central.

Get details of CylanceOPTICS service

You'll need the following details:

  • The base URL for your service. The URL depends on the region where you use CylanceOPTICS. Choose from:
    • Europe Central: https://protectapi-euc1.cylance.com/
    • Asia-Pacific: North https://protectapi-apne1.cylance.com/
    • Asia-Pacific: Southeast https://protectapi-au.cylance.com/
    • North America https://protectapi.cylance.com/
    • South America https://protectapi-sae1.cylance.com/
    • US Government https://protectapi.us.cylance.com/
  • Your CylanceOPTICS tenant ID.
  • Your CylanceOPTICS application ID.
  • An application secret that you generate in the CylanceOPTICS console.

Generate an application secret

To generate an application secret do as follows:

  1. Sign in to the CylanceOPTICS management console as an administrator.
  2. Click Settings > Integrations.
  3. Find your Tenant ID and copy it to use later.
  4. Click Add Application.
  5. Enter an application name. This must be unique within your organization.
  6. Select the access privileges for Detection.
  7. Click Save.

    You're shown an application ID and application secret.

  8. Copy these to use later in Sophos Central.

    You can view the application ID and secret in the CylanceOPTICS integrations page at any time.

Add an integration

To integrate CylanceOPTICS with Sophos Central, do as follows:

  1. In Sophos Central, go to Threat Analysis Center and click Integrations.
  2. Click Blackberry CylanceOPTICS.

    If you've already set up integrations of this type, you see them here.

  3. Click Add integration.

    Note

    If this is the first integration you've added, we'll ask for details about your internal domains and IPs. See My domains and IPs.

  4. In Integration steps, you configure an API to collect data from CylanceOPTICS.

    1. Enter a name and a description for the integration.
    2. Enter the Base URL for your region.
    3. Enter the following information you found in the CylanceOPTICS console.

      • Tenant ID
      • Application ID
      • Application secret
  5. Select a request type.

  6. Click Save.

We create the integration and it appears in your list.

If your integration shows as Connected, your data should appear in the Sophos Data Lake after validation.

More information