Skip to main content
 

Tip

This article was accurate at the time of writing, but changes happen. If you find the instructions are outdated, leave a description in the comment field below and let us know!

Step 1: Enable console access

  1. Log in to the CylancePROTECT AV Console as an administrator.

  2. Click Settings > Users.

  3. Add a user for Expel with a Read-Only role.

Step 2: Generate API credentials

  1. Log in to the CylancePROTECT AV Console as an administrator. Only administrators can create an application integration.

  2. Select Settings > Integrations.

  3. Click Add Application.

    Screen Shot 2021-03-05 at 10.23.23 AM.png
  4. Type an Application Name. This must be unique within your organization.

  5. Select Threats READ, Devices READ, and Users READ privileges.

    Screen Shot 2021-03-05 at 10.24.02 AM.png
  6. Click Save. The application credentials appears.

    Screen Shot 2021-03-05 at 10.25.50 AM.png
  7. Copy the Tenant ID located in the Integrations page and save for onboarding in Workbench.

    Screen Shot 2021-03-05 at 10.24.48 AM.png
  8. Note your Cylance Service Endpoint. This can be found by mapping your CylancePROTECT AV in the table below. For example: https://protect-euc1.cylance.com is https://protectapi-euc1.cylance.com

    URL

    Service Endpoint

    https://protect-apne1.cylance.com

    https://protectapi-apne1.cylance.com

    https://protect-euc1.cylance.com

    https://protectapi-euc1.cylance.com

    https://protect-au.cylance.com

    https://protectapi-au.cylance.com

    https://protect-sae1.cylance.com

    https://protectapi-sae1.cylance.com

    https://protect.us.cylance.com

    https://protectapi.us.cylance.com

    https://protect.cylance.com

    https://protectapi.cylance.com

Step 3: Configure the technology in Workbench

  1. In a new browser tab, login to https://workbench.expel.io.

  2. On the console page, navigate to Settings and click Security Devices.

  3. At the top of the page, click Add Security Device.

    image-1
  4. Search for and select CylancePROTECT AV.

    Screen Shot 2021-03-05 at 10.27.14 AM.png
  5. For Name type the hostname of the CylancePROTECT AV device.

    Screen Shot 2021-03-05 at 10.27.48 AM.png
    • Location type the geographic location of the appliance.

    • Tenant ID type the Tenant ID generated in Step 2.

    • Application ID type the Application ID generated in Step 2.

    • Application secret type the application secret generated in Step 2.

    • Service Endpoint type your correct Service Endpoint from the table in Step 2.