{"type":"doc","content":[{"type":"extension","attrs":{"layout":"default","extensionType":"com.atlassian.confluence.macro.core","extensionKey":"toc","parameters":{"macroParams":{"minLevel":{"value":"2"},"maxLevel":{"value":"2"},"type":{"value":"flat"}},"macroMetadata":{"macroId":{"value":"39502c5c4c2a88a0a5875bb5867a382c"},"schemaVersion":{"value":"1"},"title":"org.randombits.confluence.toc.toc.label"}},"localId":"72c9b4a1-f493-4b84-b268-16358df35c8b"}},{"type":"heading","attrs":{"level":2},"content":[{"text":"Configuration requirements","type":"text"}]},{"type":"paragraph","content":[{"text":"To run this collector, there are some configurations detailed below that you need to consider.","type":"text"}]},{"type":"table","attrs":{"layout":"default","width":760.0,"localId":"5eff26c3-f1bf-48f1-bc66-75d38031e771"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[380.0]},"content":[{"type":"paragraph","content":[{"text":"Configuration","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[380.0]},"content":[{"type":"paragraph","content":[{"text":"Details","type":"text","marks":[{"type":"strong"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[380.0]},"content":[{"type":"paragraph","content":[{"text":"Cylance APP","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[380.0]},"content":[{"type":"paragraph","content":[{"text":" You need to run a Cylance app. ","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[380.0]},"content":[{"type":"paragraph","content":[{"text":"Application ID","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[380.0]},"content":[{"type":"paragraph","content":[{"text":"Once you create the App, it gives you an ","type":"text"},{"text":"Application ID","type":"text","marks":[{"type":"strong"}]},{"text":".","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[380.0]},"content":[{"type":"paragraph","content":[{"text":"Application Secret","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[380.0]},"content":[{"type":"paragraph","content":[{"text":"Once you create the App, it gives you an ","type":"text"},{"text":"Application Secret","type":"text","marks":[{"type":"strong"}]},{"text":".","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[380.0]},"content":[{"type":"paragraph","content":[{"text":"Tenant ID","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[380.0]},"content":[{"type":"paragraph","content":[{"text":"You can find it in your Cylance console.","type":"text"}]}]}]}]},{"type":"panel","attrs":{"panelType":"info"},"content":[{"type":"paragraph","content":[{"text":"More information","type":"text","marks":[{"type":"strong"}]}]},{"type":"paragraph","content":[{"text":"Refer to the ","type":"text"},{"text":"Vendor setup ","type":"text","marks":[{"type":"link","attrs":{"href":"https://docs.devo.com/space/latest/198246404#Vendor-setup"}}]},{"text":"section to know more about these configurations.","type":"text"}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Overview","type":"text"}]},{"type":"paragraph","content":[{"text":"Cylance","type":"text","marks":[{"type":"link","attrs":{"href":"https://login.cylance.com/Login?from=VenueWeb"}}]},{"text":" is an ","type":"text"},{"text":"AI-based Endpoint Protection Platform (EPP)","type":"text","marks":[{"type":"strong"}]},{"text":" that blocks cyberattacks and provides controls for safeguarding against sophisticated threats. It protects organizations with networks where Internet access is severely restricted or not allowed (air-gapped environments). This collector facilitates the security-related communication between the virtual server that acts as the Cylance console and the local infrastructure - endpoints with CylancePROTECT agents installed - without exposing the local network to the broader internet","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Devo collector features","type":"text"}]},{"type":"table","attrs":{"layout":"default","width":760.0,"localId":"0ab3b2ef-2f2a-4b04-9967-e08c1200cb68"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[380.0]},"content":[{"type":"paragraph","content":[{"text":"Feature","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[380.0]},"content":[{"type":"paragraph","content":[{"text":"Details","type":"text","marks":[{"type":"strong"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[380.0]},"content":[{"type":"paragraph","content":[{"text":"Allow parallel downloading (","type":"text"},{"text":"multipod","type":"text","marks":[{"type":"code"}]},{"text":")","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[380.0]},"content":[{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Not allowed","type":"text","marks":[{"type":"code"}]}]}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[380.0]},"content":[{"type":"paragraph","content":[{"text":"Running environments","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[380.0]},"content":[{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Collector server","type":"text","marks":[{"type":"code"}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"On-premise","type":"text","marks":[{"type":"code"}]}]}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[380.0]},"content":[{"type":"paragraph","content":[{"text":"Populated Devo events","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[380.0]},"content":[{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Table","type":"text","marks":[{"type":"code"}]}]}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[380.0]},"content":[{"type":"paragraph","content":[{"text":"Flattening preprocessing","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[380.0]},"content":[{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Yes","type":"text","marks":[{"type":"code"}]}]}]}]}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Data sources","type":"text"}]},{"type":"table","attrs":{"layout":"default","width":760.0,"localId":"0afa2c60-94a5-421c-aa2a-f8704a20bd40"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[135.0]},"content":[{"type":"paragraph","content":[{"text":"Data source","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[125.0]},"content":[{"type":"paragraph","content":[{"text":"Description","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[125.0]},"content":[{"type":"paragraph","content":[{"text":"API endpoint","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[125.0]},"content":[{"type":"paragraph","content":[{"text":"Collector service name","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[125.0]},"content":[{"type":"paragraph","content":[{"text":"Devo table","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[125.0]},"content":[{"type":"paragraph","content":[{"text":"Available from release","type":"text","marks":[{"type":"strong"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[135.0]},"content":[{"type":"paragraph","content":[{"text":"Threats","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[125.0]},"content":[{"type":"paragraph","content":[{"text":"Get information for a specific threat in a tenant.","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[125.0]},"content":[{"type":"paragraph","content":[{"text":"https://protectapi-{region-code}.cylance.com/threats/v2","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[125.0]},"content":[{"type":"paragraph","content":[{"text":"threats","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[125.0]},"content":[{"type":"paragraph","content":[{"text":"edr.blackberry.cylance.threats","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[125.0]},"content":[{"type":"paragraph","marks":[{"type":"alignment","attrs":{"align":"center"}}],"content":[{"text":"v1.0.0","type":"text","marks":[{"type":"code"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[135.0]},"content":[{"type":"paragraph","content":[{"text":"Users","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[125.0]},"content":[{"type":"paragraph","content":[{"text":"Request a page with a list of console user resources belonging to a tenant.","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[125.0]},"content":[{"type":"paragraph","content":[{"text":"https://protectapi-{region-code}.cylance.com/users/v2","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[125.0]},"content":[{"type":"paragraph","content":[{"text":"users","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[125.0]},"content":[{"type":"paragraph","content":[{"text":"edr.blackberry.cylance.users","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[125.0]},"content":[{"type":"paragraph","marks":[{"type":"alignment","attrs":{"align":"center"}}],"content":[{"text":"v1.0.0","type":"text","marks":[{"type":"code"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[135.0]},"content":[{"type":"paragraph","content":[{"text":"Devices","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[125.0]},"content":[{"type":"paragraph","content":[{"text":"Request a page with a list of device resources belonging to a tenant.","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[125.0]},"content":[{"type":"paragraph","content":[{"text":"https://protectapi-{region-code}.cylance.com/devices/v2","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[125.0]},"content":[{"type":"paragraph","content":[{"text":"devices","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[125.0]},"content":[{"type":"paragraph","content":[{"text":"edr.blackberry.cylance.devices","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[125.0]},"content":[{"type":"paragraph","marks":[{"type":"alignment","attrs":{"align":"center"}}],"content":[{"text":"v1.0.0","type":"text","marks":[{"type":"code"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[135.0]},"content":[{"type":"paragraph","content":[{"text":"Policies","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[125.0]},"content":[{"type":"paragraph","content":[{"text":"Request a page with a list of console policies belonging to a tenant.","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[125.0]},"content":[{"type":"paragraph","content":[{"text":"https://protectapi-{region-code}.cylance.com/policies/v2","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[125.0]},"content":[{"type":"paragraph","content":[{"text":"policies","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[125.0]},"content":[{"type":"paragraph","content":[{"text":"edr.blackberry.cylance.policies","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[125.0]},"content":[{"type":"paragraph","marks":[{"type":"alignment","attrs":{"align":"center"}}],"content":[{"text":"v1.0.0","type":"text","marks":[{"type":"code"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[135.0]},"content":[{"type":"paragraph","content":[{"text":"Detections","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[125.0]},"content":[{"type":"paragraph","content":[{"text":"Request a page with a list of detections belonging to a tenant.","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[125.0]},"content":[{"type":"paragraph","content":[{"text":"https://protectapi-{region-code}.cylance.com/detections/v2","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[125.0]},"content":[{"type":"paragraph","content":[{"text":"detections","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[125.0]},"content":[{"type":"paragraph","content":[{"text":"edr.blackberry.cylance.optics_detections","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[125.0]},"content":[{"type":"paragraph","marks":[{"type":"alignment","attrs":{"align":"center"}}],"content":[{"text":"v1.0.0","type":"text","marks":[{"type":"code"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[135.0]},"content":[{"type":"paragraph","content":[{"text":"Detection Rules","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[125.0]},"content":[{"type":"paragraph","content":[{"text":"Retrieve a list of Detection rules available in a tenant.","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[125.0]},"content":[{"type":"paragraph","content":[{"text":"https://protectapi-{region-code}.cylance.com/rules/v2","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[125.0]},"content":[{"type":"paragraph","content":[{"text":"detection_rules","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[125.0]},"content":[{"type":"paragraph","content":[{"text":"edr.blackberry.cylance.optics_detections_rules","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[125.0]},"content":[{"type":"paragraph","marks":[{"type":"alignment","attrs":{"align":"center"}}],"content":[{"text":"v1.0.0","type":"text","marks":[{"type":"code"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[135.0]},"content":[{"type":"paragraph","content":[{"text":"Detection Exceptions","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[125.0]},"content":[{"type":"paragraph","content":[{"text":"Retrieve a list of detection exception rules available in a tenant.","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[125.0]},"content":[{"type":"paragraph","content":[{"text":"https://protectapi-{region-code}.cylance.com/exceptions/v2","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[125.0]},"content":[{"type":"paragraph","content":[{"text":"detection_exceptions","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[125.0]},"content":[{"type":"paragraph","content":[{"text":"edr.blackberry.cylance.optics_detections_exceptions","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[125.0]},"content":[{"type":"paragraph","marks":[{"type":"alignment","attrs":{"align":"center"}}],"content":[{"text":"v1.0.0","type":"text","marks":[{"type":"code"}]}]}]}]}]},{"type":"paragraph","content":[{"text":"For more information on how the events are parsed, ","type":"text"},{"text":"visit our page","type":"text","marks":[{"type":"link","attrs":{"href":"https://devodocs.atlassian.net/wiki/spaces/latest/pages/94662416"}}]},{"text":".","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Flattening preprocessing","type":"text"}]},{"type":"table","attrs":{"layout":"default","width":760.0,"localId":"1fcd3685-ac24-4222-a47e-31f29404ba01"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[121.0]},"content":[{"type":"paragraph","content":[{"text":"Data source","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[156.0]},"content":[{"type":"paragraph","content":[{"text":"Collector service","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[119.0]},"content":[{"type":"paragraph","content":[{"text":"Optional","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[364.0]},"content":[{"type":"paragraph","content":[{"text":"Flattening details","type":"text","marks":[{"type":"strong"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[121.0]},"content":[{"type":"paragraph","content":[{"text":"Threats","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[156.0]},"content":[{"type":"paragraph","content":[{"text":"threats","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[119.0]},"content":[{"type":"paragraph","content":[{"text":"yes","type":"text","marks":[{"type":"code"}]}]},{"type":"paragraph"}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[364.0]},"content":[{"type":"paragraph","content":[{"text":"Original structure:","type":"text"}]},{"type":"codeBlock","content":[{"text":"{\n \"ip_addresses\": [\"10.0.2.15\"],\n \"mac_addresses\": [\"08-00-27-E6-E5-59\"]\n}","type":"text"}]},{"type":"paragraph","content":[{"text":"Result:","type":"text"}]},{"type":"codeBlock","content":[{"text":"{\n \"related_ips\": 1,\n \"ip\": \"10.0.2.15\",\n \"related_ip_count\": 1,\n \"related_macs\": 1,\n \"mac\": \"08-00-27-E6-E5-59\",\n \"related_mac_count\": 1\n}","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[121.0]},"content":[{"type":"paragraph","content":[{"text":"Devices","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[156.0]},"content":[{"type":"paragraph","content":[{"text":"devices","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[119.0]},"content":[{"type":"paragraph","content":[{"text":"yes","type":"text","marks":[{"type":"code"}]}]},{"type":"paragraph"}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[364.0]},"content":[{"type":"paragraph","content":[{"text":"Original structure:","type":"text"}]},{"type":"codeBlock","content":[{"text":"{\n \"products\": [\n {\n \"name\": \"protect\",\n \"version\": \"3.0.1000\",\n \"status\": \"Online\"\n }\n ],\n \"policy\": {\n \"id\": \"f92e4b70-1c44-4898-b2f9-21207381abee\",\n \"name\": \"Default\"\n },\n \"ip_addresses\": [\n \"10.0.2.15\"\n ],\n \"mac_addresses\": [\n \"08-00-27-E6-E5-59\"\n ]\n}","type":"text"}]},{"type":"paragraph","content":[{"text":" ","type":"text"}]},{"type":"paragraph","content":[{"text":"Result:","type":"text"}]},{"type":"codeBlock","content":[{"text":"{\n \"related_ips\": 1,\n \"ip\": \"10.0.2.15\",\n \"related_ip_count\": 1,\n \"related_macs\": 1,\n \"mac\": \"08-00-27-E6-E5-59\",\n \"related_mac_count\": 1,\n \"policy_id\": \"f92e4b70-1c44-4898-b2f9-21207381abee\",\n \"policy_name\": \"Default\",\n \"product_name\": \"protect\",\n \"product_version\": \"3.0.100\",\n \"product_status\": \"Online\",\n}","type":"text"}]},{"type":"paragraph","content":[{"text":" ","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[121.0]},"content":[{"type":"paragraph","content":[{"text":"Policies","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[156.0]},"content":[{"type":"paragraph","content":[{"text":"policies","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[119.0]},"content":[{"type":"paragraph","content":[{"text":"yes","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[364.0]},"content":[{"type":"paragraph","content":[{"text":"Original structure:","type":"text"}]},{"type":"codeBlock","content":[{"text":"{\n \"policy\": [\n {\n \"name\": \"auto_blocking\",\n \"value\": \"0\"\n },\n {\n \"value\": \"0\",\n \"name\": \"auto_uploading\"\n }\n ],\n \"logpolicy\": {\n \"log_upload\": null,\n \"maxlogsize\": \"100\",\n \"retentiondays\": \"30\"\n }\n}","type":"text"}]},{"type":"paragraph","content":[{"text":"Result:","type":"text"}]},{"type":"codeBlock","content":[{"text":"{\n \"log_policy_log_upload\": null,\n \"log_policy_maxlogsize\": \"100\",\n \"log_policy_retentiondays\": \"30\",\n \"related_policys\": 43,\n \"related_policy_count\": 22,\n \"policy_name\": \"Default\",\n \"policy_value\": \"0\"\n}","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[121.0]},"content":[{"type":"paragraph","content":[{"text":"Detections","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[156.0]},"content":[{"type":"paragraph","content":[{"text":"detections","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[119.0]},"content":[{"type":"paragraph","content":[{"text":"yes","type":"text","marks":[{"type":"code"}]}]},{"type":"paragraph"}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[364.0]},"content":[{"type":"paragraph","content":[{"text":"Original structure:","type":"text"}]},{"type":"codeBlock","content":[{"text":"{\n \"Detector\": {\n \"Name\": \"OpticsDetector\",\n \"Version\": \"3\"\n },\n \"Device\": {\n \"CylanceId\": \"62fc6104-c288-440f-acfa-fa0ba7bb359f\",\n \"Name\": \"MSEDGEWIN10\",\n \"IpAddresses\": [\n \"fe80::c50d:519f:96a4:e108%5\",\n \"10.0.2.15\"\n ],\n \"LoggedOnUsers\": [\n {\n \"AccountType\": \"Normal\",\n \"FullName\": \"IEUser\",\n \"Id\": \"S-1-5-21-3461203602-4096304019-2269080069-1000\",\n \"User\": \"MSEDGEWIN10\\\\IEUser\"\n }\n ]\n },\n \"DetectionRule\": {\n \"Name\": \"Internet Browser Launched Unsigned Process\",\n \"Id\": \"dd64897b-5cbf-4df3-beca-ec17c18add71\",\n \"PolicyGroup\": \"CylanceOfficialDetectionRuleset\",\n \"Version\": 3,\n \"ObjectType\": \"DetectionRule\",\n \"Description\": \"An Internet browser has spawned a new child process that is not signed\",\n \"Category\": \"Cylance Windows Official\"\n }\n}","type":"text"}]},{"type":"paragraph","content":[{"text":"Result:","type":"text"}]},{"type":"codeBlock","content":[{"text":"{\n \"detection_rule_Name\": \"Internet Browser Launched Unsigned Process\",\n \"detection_rule_Id\": \"dd64897b-5cbf-4df3-beca-ec17c18add71\",\n \"detection_rule_PolicyGroup\": \"CylanceOfficialDetectionRuleset\",\n \"detection_rule_Version\": 3,\n \"detection_rule_ObjectType\": \"DetectionRule\",\n \"detection_rule_Description\": \"An Internet browser has spawned a new child process that is not signed\",\n \"detection_rule_Category\": \"Cylance Windows Official\",\n \"detector_Name\": \"OpticsDetector\",\n \"detector_Version\": \"3\",\n \"device_CylanceId\": \"62fc6104-c288-440f-acfa-fa0ba7bb359f\",\n \"device_Name\": \"MSEDGEWIN10\",\n \"device_IpAddresses\": [\n \"fe80::c50d:519f:96a4:e108%5\",\n \"10.0.2.15\"\n ],\n \"device_LoggedOnUsers\": [\n {\n \"AccountType\": \"Normal\",\n \"FullName\": \"IEUser\",\n \"Id\": \"S-1-5-21-3461203602-4096304019-2269080069-1000\",\n \"User\": \"MSEDGEWIN10\\\\IEUser\"\n }\n ],\n \"product_Name\": \"CylanceOPTICS\",\n \"product_Version\": \"2.5.3010.1204\",\n \"related_zone_ids\": 1,\n \"zone_id\": \"1931D5ED09C5417E904E7EEC30844C87\",\n}","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[121.0]},"content":[{"type":"paragraph","content":[{"text":"Detection Rules","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[156.0]},"content":[{"type":"paragraph","content":[{"text":"detection_rules","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[119.0]},"content":[{"type":"paragraph","content":[{"text":"yes","type":"text","marks":[{"type":"code"}]}]},{"type":"paragraph"}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[364.0]},"content":[{"type":"paragraph","content":[{"text":"Original structure:","type":"text"}]},{"type":"codeBlock","content":[{"text":"{\n \"Product\": {\n \"Name\": \"CylanceOPTICS\"\n },\n \"Plugin\": {\n \"Name\": \"OpticsDetector\"\n }\n}","type":"text"}]},{"type":"paragraph","content":[{"text":"Result:","type":"text"}]},{"type":"codeBlock","content":[{"text":"{\n \"product_Name\": \"CylanceOPTICS\",\n \"plugin_Name\": \"OpticsDetector\"\n}","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[121.0]},"content":[{"type":"paragraph","content":[{"text":"Detection Exceptions","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[156.0]},"content":[{"type":"paragraph","content":[{"text":"detection_exceptions","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[119.0]},"content":[{"type":"paragraph","content":[{"text":"yes","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[364.0]},"content":[{"type":"paragraph","content":[{"text":"Original structure:","type":"text"}]},{"type":"codeBlock","content":[{"text":"{\n \"Product\": {\n \"Name\": \"CylanceOPTICS\"\n },\n \"Plugin\": {\n \"Name\": \"OpticsDetector\"\n },\n}","type":"text"}]},{"type":"paragraph","content":[{"text":"Result:","type":"text"}]},{"type":"codeBlock","content":[{"text":"{\n \"product_Name\": \"CylanceOPTICS\",\n \"plugin_Name\": \"OpticsDetector\"\n}","type":"text"}]}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Vendor setup","type":"text"}]},{"type":"paragraph","content":[{"text":"There are some minimum requirements that are needed to set up the collector. In order to retrieve the data, we need to create an ","type":"text"},{"text":"application_id","type":"text","marks":[{"type":"strong"}]},{"text":" and ","type":"text"},{"text":"application_secret","type":"text","marks":[{"type":"strong"}]},{"text":" to authenticate the collector.","type":"text"}]},{"type":"orderedList","attrs":{"order":1},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Log into the dashboard.","type":"text"}]},{"type":"mediaSingle","attrs":{"layout":"center","width":45.0},"content":[{"type":"media","attrs":{"width":352,"id":"812a06bb-8680-486d-8d0d-9900b10e90dc","collection":"contentId-198246404","type":"file","height":163}}]},{"type":"paragraph"}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Register an app. Go to ","type":"text"},{"text":"Settings → Integrations","type":"text","marks":[{"type":"strong"}]},{"text":" and click on ","type":"text"},{"text":"Application","type":"text","marks":[{"type":"strong"}]},{"text":".","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Give the ","type":"text"},{"text":"read permissions","type":"text","marks":[{"type":"strong"}]},{"text":" to the Application and click on ","type":"text"},{"text":"Save","type":"text","marks":[{"type":"strong"}]},{"text":". ","type":"text"}]},{"type":"mediaSingle","attrs":{"layout":"center"},"content":[{"type":"media","attrs":{"width":347,"id":"989e0e17-303a-41c9-b5ee-5243402ecf54","collection":"contentId-198246404","type":"file","height":525}}]},{"type":"paragraph"}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Save the ","type":"text"},{"text":"Application ID","type":"text","marks":[{"type":"strong"}]},{"text":" and ","type":"text"},{"text":"Application secret","type":"text","marks":[{"type":"strong"}]},{"text":". Note: The Application ID and Application Secret only display once.","type":"text"}]},{"type":"mediaSingle","attrs":{"layout":"center"},"content":[{"type":"media","attrs":{"width":350,"id":"56f2e52d-4651-4c88-a955-a3aeb32eec97","collection":"contentId-198246404","type":"file","height":137}}]},{"type":"paragraph"}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Copy the ","type":"text"},{"text":"Tenant ID","type":"text","marks":[{"type":"strong"}]},{"text":" in a safe place.","type":"text"}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Minimum configuration required for basic pulling","type":"text"}]},{"type":"paragraph","content":[{"text":"Although this collector supports advanced configuration, the fields required to retrieve data with basic configuration are defined below.","type":"text"}]},{"type":"panel","attrs":{"panelType":"info"},"content":[{"type":"paragraph","content":[{"text":"This minimum configuration refers exclusively to those specific parameters of this integration. There are more required parameters related to the generic behavior of the collector. Check the setting sections for details.","type":"text"}]}]},{"type":"table","attrs":{"layout":"default","width":760.0,"localId":"efd11013-7fef-486a-8840-e034e95f849d"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[255.0]},"content":[{"type":"paragraph","content":[{"text":"Setting","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[505.0]},"content":[{"type":"paragraph","content":[{"text":"Details","type":"text","marks":[{"type":"strong"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[255.0]},"content":[{"type":"paragraph","content":[{"text":"application_id","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[505.0]},"content":[{"type":"paragraph","content":[{"text":"Application ID of the application created during the setup.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[255.0]},"content":[{"type":"paragraph","content":[{"text":"application_secret","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[505.0]},"content":[{"type":"paragraph","content":[{"text":"Application secret created during the setup.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[255.0]},"content":[{"type":"paragraph","content":[{"text":"tenant_id","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[505.0]},"content":[{"type":"paragraph","content":[{"text":"Tenant ID of the application created during the setup.","type":"text"}]}]}]}]},{"type":"panel","attrs":{"panelType":"info"},"content":[{"type":"paragraph","content":[{"text":"See the ","type":"text"},{"text":"Accepted authentication methods","type":"text","marks":[{"type":"strong"},{"type":"link","attrs":{"href":"https://docs.devo.com/space/latest/198246404#Accepted-authentication-methods"}}]},{"text":" section to verify what settings are required based on the desired authentication method.","type":"text"}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Accepted authentication methods","type":"text"}]},{"type":"table","attrs":{"layout":"default","width":760.0,"localId":"20e33dfb-11b0-4e27-b2a1-64897bc17839"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[264.0]},"content":[{"type":"paragraph","content":[{"text":"Authentication method","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[175.0]},"content":[{"type":"paragraph","content":[{"text":"Application ID","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[182.0]},"content":[{"type":"paragraph","content":[{"text":"Application Secret","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[139.0]},"content":[{"type":"paragraph","content":[{"text":"Tenant ID","type":"text","marks":[{"type":"strong"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[264.0]},"content":[{"type":"paragraph","content":[{"text":"Application Id/Application Secret/Tenant ID","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[175.0]},"content":[{"type":"paragraph","content":[{"type":"status","attrs":{"color":"green","style":"bold","text":"REQUIRED","localId":"d4308748-e25c-4896-9ae9-a400db64d9f8"}}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[182.0]},"content":[{"type":"paragraph","content":[{"type":"status","attrs":{"color":"green","style":"bold","text":"REQUIRED","localId":"df6e3d48-8655-408f-bad9-198c917c38e9"}}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[139.0]},"content":[{"type":"paragraph","content":[{"type":"status","attrs":{"color":"green","style":"bold","text":"REQUIRED","localId":"e81e998d-fd42-4242-84f5-d80748ed8099"}}]}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Run the collector","type":"text"}]},{"type":"paragraph","content":[{"text":"Once the data source is configured, you can either send us the required information if you want us to host and manage the collector for you (","type":"text"},{"text":"Cloud collector","type":"text","marks":[{"type":"underline"}]},{"text":"), or deploy and host the collector in your own machine using a Docker image (","type":"text"},{"text":"On-premise collector","type":"text","marks":[{"type":"underline"}]},{"text":").","type":"text"}]},{"type":"bodiedExtension","attrs":{"layout":"default","extensionType":"com.atlassian.confluence.macro.core","extensionKey":"rw-ui-tabs-macro","parameters":{"macroParams":{},"macroMetadata":{"macroId":{"value":"6a805bc0-abf6-4d98-987c-6a9164c77642"},"schemaVersion":{"value":"1"},"placeholder":[{"type":"icon","data":{"url":"https://static.dg.refinedtheme.refinedwiki.com/refinedtheme-for-cloud/macro-icons/tab-container.png"}}],"title":"Refined Tab Container"}},"localId":"51a38310-b288-4fb7-a20e-43dcd020e55a"},"content":[{"type":"extension","attrs":{"layout":"default","extensionType":"com.atlassian.confluence.macro.core","extensionKey":"rw-tab","parameters":{"macroParams":{"title":{"value":"Cloud collector"}},"macroMetadata":{"macroId":{"value":"2825992cb366f7c43cdf1373692654dc"},"schemaVersion":{"value":"1"},"placeholder":[{"type":"icon","data":{"url":"https://static.dg.refinedtheme.refinedwiki.com/refinedtheme-for-cloud/macro-icons/tab.png"}}],"title":"Refined Tab"}},"localId":"7616f42d-d27c-41bc-81ae-3279b0142d87"}},{"type":"paragraph","content":[{"text":"We use a piece of software called Collector Server to host and manage all our available collectors.","type":"text"}]},{"type":"paragraph","content":[{"text":"To enable the collector for a customer:","type":"text"}]},{"type":"orderedList","attrs":{"order":1},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"In the ","type":"text"},{"text":"Collector Server","type":"text","marks":[{"type":"strong"}]},{"text":" ","type":"text"},{"text":"GUI","type":"text","marks":[{"type":"strong"}]},{"text":", access the ","type":"text"},{"text":"domain","type":"text","marks":[{"type":"strong"}]},{"text":" in which you want this instance to be created","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Click ","type":"text"},{"text":"Add Collector","type":"text","marks":[{"type":"strong"}]},{"text":" and find the one you wish to add.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"In the ","type":"text"},{"text":"Version","type":"text","marks":[{"type":"strong"}]},{"text":" field, select the latest value.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"In the ","type":"text"},{"text":"Collector Name","type":"text","marks":[{"type":"strong"}]},{"text":" field, set the value you prefer (this name must be unique inside the same Collector Server domain).","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"In the sending method select ","type":"text"},{"text":"Direct Send. Direct Send","type":"text","marks":[{"type":"strong"}]},{"text":" configuration is optional for collectors that create ","type":"text"},{"text":"Table","type":"text","marks":[{"type":"code"}]},{"text":" events, but mandatory for those that create ","type":"text"},{"text":"Lookups","type":"text","marks":[{"type":"code"}]},{"text":".","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"In the ","type":"text"},{"text":"Parameters","type":"text","marks":[{"type":"strong"}]},{"text":" section, establish the ","type":"text"},{"text":"Collector Parameters","type":"text","marks":[{"type":"strong"}]},{"text":" as follows below:","type":"text"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Editing the JSON configuration","type":"text"}]},{"type":"codeBlock","content":[{"text":"{\n \"global_overrides\": {\n \"debug\": \n },\n \"inputs\": {\n \"cylance_common_data_puller\": {\n \"id\": \"\",\n \"enabled\": true,\n \"region_code\": \"\",\n \"credentials\": {\n \"application_id\": \"\",\n \"application_secret\": \"\",\n \"tenant_id\": \"\"\n },\n \"services\": {\n \"threats\": {\n \"historic_date_utc\": \"\",\n \"request_period_in_seconds\": ,\n \"rate_limiter\": {\n \"period_in_seconds\": ,\n \"requests_limit_in_units\": \n },\n \"override_flatten_ip_addresses\": ,\n \"override_flatten_mac_addresses\": ,\n \"override_enrich_devices\": \n },\n \"devices\": {\n \"request_period_in_seconds\": ,\n \"rate_limiter\": {\n \"period_in_seconds\": ,\n \"requests_limit_in_units\": \n },\n \"override_flatten_ip_addresses\": ,\n \"override_flatten_mac_addresses\": ,\n \"override_flatten_policy\": ,\n \"override_flatten_product\": \n },\n \"policies\": {\n \"request_period_in_seconds\": ,\n \"rate_limiter\": {\n \"period_in_seconds\": ,\n \"requests_limit_in_units\": \n },\n \"override_flatten_policies\": ,\n \"override_flatten_logpolicy\": \n },\n \"users\": {\n \"request_period_in_seconds\": ,\n \"rate_limiter\": {\n \"period_in_seconds\": ,\n \"requests_limit_in_units\": \n },\n \"override_flatten_zones\": \n },\n \"detections\": {\n \"historic_date_utc\": \"\",\n \"request_period_in_seconds\": ,\n \"rate_limiter\": {\n \"period_in_seconds\": ,\n \"requests_limit_in_units\": \n },\n \"override_flatten_detection_rule\": ,\n \"override_flatten_detectors\": ,\n \"override_flatten_device\": ,\n \"override_flatten_product\": ,\n \"override_flatten_zone_ids\": ,\n \"override_ingest_AssociatedArtifacts\": ,\n \"override_ingest_ArtifactsOfInterest\": \n },\n \"detection_rules\": {\n \"request_period_in_seconds\": ,\n \"rate_limiter\": {\n \"period_in_seconds\": ,\n \"requests_limit_in_units\": \n },\n \"override_flatten_plugin\": ,\n \"override_flatten_product\": \n },\n \"detection_exceptions\": {\n \"request_period_in_seconds\": ,\n \"rate_limiter\": {\n \"period_in_seconds\": ,\n \"requests_limit_in_units\": \n },\n \"override_flatten_plugin\": ,\n \"override_flatten_product\": \n }\n }\n }\n }\n}","type":"text"}]},{"type":"panel","attrs":{"panelType":"info"},"content":[{"type":"paragraph","content":[{"text":"All defined service entities will be executed by the collector. If you do not want to run any of them, just remove the entity from the ","type":"text"},{"text":"services","type":"text","marks":[{"type":"code"}]},{"text":" object.","type":"text"}]}]},{"type":"paragraph","content":[{"text":"Please replace the placeholders with real world values following the description table below:","type":"text"}]},{"type":"table","attrs":{"layout":"default","width":760.0,"localId":"d15cc2d0-6788-4efc-aae3-658de39a816b"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-accent-gray-subtlest, #F4F5F7)","rowspan":1,"colwidth":[112.0]},"content":[{"type":"paragraph","content":[{"text":"Parameter","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-accent-gray-subtlest, #F4F5F7)","rowspan":1,"colwidth":[207.0]},"content":[{"type":"paragraph","content":[{"text":"Data type","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-accent-gray-subtlest, #F4F5F7)","rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"Type","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-accent-gray-subtlest, #F4F5F7)","rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"Value range / Format","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-accent-gray-subtlest, #F4F5F7)","rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"Details","type":"text","marks":[{"type":"strong"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[112.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[207.0]},"content":[{"type":"paragraph","content":[{"text":"int","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"Mandatory","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"YMMDD","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"Use this param to give a unique id to this input service.","type":"text"}]},{"type":"panel","attrs":{"panelType":"warning"},"content":[{"type":"paragraph","content":[{"text":"This parameter is used to build the persistence address, do not use the same value for multiple collectors. It could cause a collision.","type":"text"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[112.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[207.0]},"content":[{"type":"paragraph","content":[{"text":"bool","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"Mandatory","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"false","type":"text","marks":[{"type":"code"}]},{"text":" / ","type":"text"},{"text":"true","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"This will make the collector generate (or not) log messages with the DEBUG level.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[112.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[207.0]},"content":[{"type":"paragraph","content":[{"text":"int","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"Mandatory","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"Minimum value: ","type":"text"},{"text":"1","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"The period in seconds to be used between pulling executions.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[112.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[207.0]},"content":[{"type":"paragraph","content":[{"text":"int","type":"text","marks":[{"type":"code"}]}]},{"type":"paragraph","content":[{"text":" ","type":"text"}]},{"type":"paragraph","content":[{"text":" ","type":"text"}]},{"type":"paragraph","content":[{"text":" ","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"Optional","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"Minimum length: 1","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"This parameter allows you to customize this behavior for each service.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[112.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[207.0]},"content":[{"type":"paragraph","content":[{"text":"int","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"Optional","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"Minimum length: 1","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"This parameter allows you to customize this behavior for each service.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[112.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[207.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"Mandatory","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"apne1, au, euc1, sae1, us","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"Set the region zone for your endpoint. If set to null ","type":"text"},{"text":"North America","type":"text","marks":[{"type":"code"}]},{"text":"will be used as default value.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[112.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[207.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"Mandatory","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"Application ID of your Cylance App","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[112.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[207.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"Mandatory","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"Application Secret of you Cylance App","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[112.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[207.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"Mandatory","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"Your Tenant ID","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[112.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[207.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"Mandatory","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"\"%Y-%m-%dT%H:%M:%S.%fZ\"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"Date since the user wants to get data. If null, collector gets data from 10 days ago.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[112.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[207.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"Optional","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"true/false","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"By default, the flatten option is activated. Add this parameter and set it to false to avoid the flattening process.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[112.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[207.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"Optional","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"true/false","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"By default, the flatten option is activated. Add this parameter and set it to false to avoid the flattening process.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[112.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[207.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"Optional","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"true/false","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"By default, the enrich devices option is activated. Add this parameter and set it to false to avoid the enrichment process.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[112.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[207.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"Optional","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"true/false","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"By default, the flatten option is activated. Add this parameter and set it to false to avoid the flattening process.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[112.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[207.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"Optional","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"true/false","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"By default, the flatten option is activated. Add this parameter and set it to false to avoid the flattening process.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[112.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[207.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"Optional","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"true/false","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"By default, the flatten option is activated. Add this parameter and set it to false to avoid the flattening process.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[112.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[207.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"Optional","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"true/false","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"By default, the flatten option is activated. Add this parameter and set it to false to avoid the flattening process.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[112.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[207.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"Optional","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"true/false","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"By default, the flatten option is activated. Add this parameter and set it to false to avoid the flattening process.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[112.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[207.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"Optional","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"true/false","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"By default, the flatten option is activated. Add this parameter and set it to false to avoid the flattening process.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[112.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[207.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"Optional","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"true/false","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"By default, the flatten option is activated. Add this parameter and set it to false to avoid the flattening process.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[112.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[207.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"Optional","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"true/false","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"By default, the flatten option is activated. Add this parameter and set it to false to avoid the flattening process.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[112.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[207.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"Optional","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"true/false","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"By default, the flatten option is activated. Add this parameter and set it to false to avoid the flattening process.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[112.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[207.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"Optional","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"true/false","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"By default, the ingestion of Associated Artifacts option is deactivated. Add this parameter and set it to true to allow the ingestion process.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[112.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[207.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"Optional","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"true/false","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"By default, the ingestion of Artifacts of Interes option is deactivated. Add this parameter and set it to true to allow the ingestion process.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[112.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[207.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"Optional","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"true/false","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[109.0]},"content":[{"type":"paragraph","content":[{"text":"By default, the flatten option is activated. Add this parameter and set it to false to avoid the flattening process.","type":"text"}]}]}]}]},{"type":"mediaSingle","attrs":{"layout":"center","width":454,"widthType":"pixel"},"content":[{"type":"media","attrs":{"width":1245,"alt":"Cylance_10.png","id":"330f0c2f-05f2-4a3f-930d-e63da6b94b83","collection":"contentId-198246404","type":"file","height":931}}]},{"type":"extension","attrs":{"layout":"default","extensionType":"com.atlassian.confluence.macro.core","extensionKey":"rw-tab","parameters":{"macroParams":{"title":{"value":"On-premise collector"}},"macroMetadata":{"macroId":{"value":"0e08d10a084320745cfcad174c481cfb"},"schemaVersion":{"value":"1"},"placeholder":[{"type":"icon","data":{"url":"https://static.dg.refinedtheme.refinedwiki.com/refinedtheme-for-cloud/macro-icons/tab.png"}}],"title":"Refined Tab"}},"localId":"3392ad6b-e017-4587-96ac-e5e9d4459cb2"}},{"type":"paragraph","content":[{"text":"This data collector can be run in any machine that has the Docker service available because it should be executed as a docker container. The following sections explain how to prepare all the required setup for having the data collector running.","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Structure","type":"text"}]},{"type":"paragraph","content":[{"text":"The following directory structure should be created for being used when running the collector:","type":"text"}]},{"type":"codeBlock","content":[{"text":"\n└── devo-collectors/\n └── /\n ├── certs/\n │ ├── chain.crt\n │ ├── .key\n │ └── .crt\n ├── state/\n └── config/ \n └── config.yaml ","type":"text"}]},{"type":"panel","attrs":{"panelType":"warning"},"content":[{"type":"paragraph","content":[{"text":"Replace ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" with the proper value.","type":"text"}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Devo credentials","type":"text"}]},{"type":"paragraph","content":[{"text":"In Devo, go to ","type":"text"},{"text":"Administration → Credentials → X.509 Certificates","type":"text","marks":[{"type":"strong"}]},{"text":", download the ","type":"text"},{"text":"Certificate","type":"text","marks":[{"type":"strong"}]},{"text":", ","type":"text"},{"text":"Private key","type":"text","marks":[{"type":"strong"}]},{"text":" and ","type":"text"},{"text":"Chain CA","type":"text","marks":[{"type":"strong"}]},{"text":" and save them in ","type":"text"},{"text":"/certs/","type":"text","marks":[{"type":"code"}]},{"text":". Learn more about security credentials in Devo ","type":"text"},{"text":"here","type":"text","marks":[{"type":"link","attrs":{"href":"https://devodocs.atlassian.net/wiki/spaces/latest/pages/94763701"}}]},{"text":".","type":"text"}]},{"type":"mediaSingle","attrs":{"layout":"center"},"content":[{"type":"media","attrs":{"width":950,"id":"f567bffe-b34c-4ea8-b52d-5a34f34d61a2","collection":"contentId-198246404","type":"file","height":448}}]},{"type":"panel","attrs":{"panelType":"warning"},"content":[{"type":"paragraph","content":[{"text":"Replace ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" with the proper value.","type":"text"}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Editing the config.yaml file","type":"text"}]},{"type":"codeBlock","content":[{"text":"globals:\n debug: \n id: not_used\n name: \n persistence:\n type: filesystem\n config:\n directory_name: state\n\noutputs:\n devo_1:\n type: devo_platform\n config:\n address: \n port: 443\n type: SSL\n chain: chain.crt\n cert: .crt\n key: .key\ninputs:\n cylance_common_data_puller:\n id: \n enabled: true\n region_code: \n credentials:\n application_id: \n application_secret: \n tenant_id: \n services:\n threats:\n historic_date_utc: \n request_period_in_seconds: \n rate_limiter:\n period_in_seconds: \n requests_limit_in_units: \n override_flatten_ip_addresses: \n override_flatten_mac_addresses: \n override_enrich_devices: \n\n devices:\n request_period_in_seconds: \n rate_limiter:\n period_in_seconds: \n requests_limit_in_units: \n override_flatten_ip_addresses: \n override_flatten_mac_addresses: \n override_flatten_policy: \n override_flatten_product: \n\n policies:\n request_period_in_seconds: \n rate_limiter:\n period_in_seconds: \n requests_limit_in_units: \n override_flatten_policies: \n override_flatten_logpolicy: \n\n users:\n request_period_in_seconds: \n override_flatten_zones: \n rate_limiter:\n period_in_seconds: \n requests_limit_in_units: \n\n detections:\n historic_date_utc: \n request_period_in_seconds: \n rate_limiter:\n period_in_seconds: \n requests_limit_in_units: \n override_flatten_detection_rule: \n override_flatten_detectors: \n override_flatten_device: \n override_flatten_product: \n override_flatten_zone_ids: \n override_ingest_AssociatedArtifacts: \n override_ingest_ArtifactsOfInterest: \n\n detection_rules:\n request_period_in_seconds: \n rate_limiter:\n period_in_seconds: \n requests_limit_in_units: \n override_flatten_product: \n override_flatten_plugin: \n\n detection_exceptions:\n request_period_in_seconds: \n rate_limiter:\n period_in_seconds: \n requests_limit_in_units: \n override_flatten_plugin: \n override_flatten_product: ","type":"text"}]},{"type":"panel","attrs":{"panelType":"info"},"content":[{"type":"paragraph","content":[{"text":"All defined service entities will be executed by the collector. If you do not want to run any of them, just remove the entity from the ","type":"text"},{"text":"services","type":"text","marks":[{"type":"code"}]},{"text":" object.","type":"text"}]}]},{"type":"paragraph","content":[{"text":"Replace the placeholders with your required values following the description table below:","type":"text"}]},{"type":"table","attrs":{"layout":"default","localId":"d3037611-2fc1-4bd8-a7f8-c565804c67a4"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[134.0]},"content":[{"type":"paragraph","content":[{"text":"Parameter","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[145.0]},"content":[{"type":"paragraph","content":[{"text":"Data type","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[111.0]},"content":[{"type":"paragraph","content":[{"text":"Type","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"Value range / Format","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"Details","type":"text","marks":[{"type":"strong"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[134.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[145.0]},"content":[{"type":"paragraph","content":[{"text":"bool","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[111.0]},"content":[{"type":"paragraph","content":[{"text":"Mandatory","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"false","type":"text","marks":[{"type":"code"}]},{"text":" / ","type":"text"},{"text":"true","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"This will make the collector generate (or not) log messages with the DEBUG level.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[134.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[145.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[111.0]},"content":[{"type":"paragraph","content":[{"text":"Mandatory","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"Minimum length: 1","type":"text"},{"type":"hardBreak"},{"text":"Maximum length: 10","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"Use this param to give a valid name to this collector.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[134.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[145.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[111.0]},"content":[{"type":"paragraph","content":[{"text":"Mandatory","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"collector-us.devo.io","type":"text","marks":[{"type":"code"}]},{"type":"hardBreak"},{"text":"collector-eu.devo.io","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"Use this param to identify the Devo Cloud where the events will be sent.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[134.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[145.0]},"content":[{"type":"paragraph","content":[{"text":"int","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[111.0]},"content":[{"type":"paragraph","content":[{"text":"Mandatory","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"YMMDD","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"Use this param to give a unique id to this input service.","type":"text"}]},{"type":"panel","attrs":{"panelType":"warning"},"content":[{"type":"paragraph","content":[{"text":"This parameter is used to build the persistence address, do not use the same value for multiple collectors. It could cause a collision.","type":"text"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[134.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[145.0]},"content":[{"type":"paragraph","content":[{"text":"int","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[111.0]},"content":[{"type":"paragraph","content":[{"text":"Mandatory","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"Minimum value: ","type":"text"},{"text":"1","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"The period in seconds to be used between pulling executions.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[134.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[145.0]},"content":[{"type":"paragraph","content":[{"text":"int","type":"text","marks":[{"type":"code"}]}]},{"type":"paragraph","content":[{"text":" ","type":"text"}]},{"type":"paragraph","content":[{"text":" ","type":"text"}]},{"type":"paragraph","content":[{"text":" ","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[111.0]},"content":[{"type":"paragraph","content":[{"text":"Optional","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"Minimum length: 1","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"This parameter allows you to customize this behavior for each service.","type":"text","marks":[{"type":"code"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[134.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[145.0]},"content":[{"type":"paragraph","content":[{"text":"int","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[111.0]},"content":[{"type":"paragraph","content":[{"text":"Optional","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"Minimum length: 1","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"This parameter allows you to customize this behavior for each service.","type":"text","marks":[{"type":"code"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[134.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[145.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[111.0]},"content":[{"type":"paragraph","content":[{"text":"Mandatory","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"apne1, au, euc1, sae1, us","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"Set the region zone for your endpoint. If leave blank ","type":"text"},{"text":"North America","type":"text","marks":[{"type":"code"}]},{"text":" will be used as default value.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[134.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[145.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[111.0]},"content":[{"type":"paragraph","content":[{"text":"Mandatory","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"Application ID of your Cylance App","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[134.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[145.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[111.0]},"content":[{"type":"paragraph","content":[{"text":"Mandatory","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"Application Secret of you Cylance App","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[134.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[145.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[111.0]},"content":[{"type":"paragraph","content":[{"text":"Mandatory","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"Your Tenant ID","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[134.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[145.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[111.0]},"content":[{"type":"paragraph","content":[{"text":"Mandatory","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"\"%Y-%m-%dT%H:%M:%S.%fZ\"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"Date since the user wants to get data. If blank collector gets data from 10 days ago.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[134.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[145.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[111.0]},"content":[{"type":"paragraph","content":[{"text":"Optional","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"true/false","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"By default, the flatten option is activated. Add this parameter and set it to false to avoid the flattening process.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[134.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[145.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[111.0]},"content":[{"type":"paragraph","content":[{"text":"Optional","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"true/false","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"By default, the flatten option is activated. Add this parameter and set it to false to avoid the flattening process.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[134.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[145.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[111.0]},"content":[{"type":"paragraph","content":[{"text":"Optional","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"true/false","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"By default, the enrich devices option is activated. Add this parameter and set it to false to avoid the flattening process.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[134.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[145.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[111.0]},"content":[{"type":"paragraph","content":[{"text":"Optional","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"true/false","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"By default, the flatten option is activated. Add this parameter and set it to false to avoid the flattening process.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[134.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[145.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[111.0]},"content":[{"type":"paragraph","content":[{"text":"Optional","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"true/false","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"By default, the flatten option is activated. Add this parameter and set it to false to avoid the flattening process.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[134.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[145.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[111.0]},"content":[{"type":"paragraph","content":[{"text":"Optional","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"true/false","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"By default, the flatten option is activated. Add this parameter and set it to false to avoid the flattening process.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[134.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[145.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[111.0]},"content":[{"type":"paragraph","content":[{"text":"Optional","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"true/false","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"By default, the flatten option is activated. Add this parameter and set it to false to avoid the flattening process.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[134.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[145.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[111.0]},"content":[{"type":"paragraph","content":[{"text":"Optional","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"true/false","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"By default, the flatten option is activated. Add this parameter and set it to false to avoid the flattening process.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[134.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[145.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[111.0]},"content":[{"type":"paragraph","content":[{"text":"Optional","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"true/false","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"By default, the flatten option is activated. Add this parameter and set it to false to avoid the flattening process.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[134.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[145.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[111.0]},"content":[{"type":"paragraph","content":[{"text":"Optional","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"true/false","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"By default, the flatten option is activated. Add this parameter and set it to false to avoid the flattening process.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[134.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[145.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[111.0]},"content":[{"type":"paragraph","content":[{"text":"Optional","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"true/false","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"By default, the flatten option is activated. Add this parameter and set it to false to avoid the flattening process.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[134.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[145.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[111.0]},"content":[{"type":"paragraph","content":[{"text":"Optional","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"true/false","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"By default, the flatten option is activated. Add this parameter and set it to false to avoid the flattening process.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[134.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[145.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[111.0]},"content":[{"type":"paragraph","content":[{"text":"Optional","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"true/false","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"By default, this option is deactivated. Add this parameter and set it to true to ingest Associated Artifacts.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[134.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[145.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[111.0]},"content":[{"type":"paragraph","content":[{"text":"Optional","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"true/false","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"By default, this option is deactivated. Add this parameter and set it to true to ingest Artifacts of Interest.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[134.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[145.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[111.0]},"content":[{"type":"paragraph","content":[{"text":"Optional","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"true/false","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[128.0]},"content":[{"type":"paragraph","content":[{"text":"By default, the flatten option is activated. Add this parameter and set it to false to avoid the flattening process.","type":"text"}]}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Download the Docker image","type":"text"}]},{"type":"paragraph","content":[{"text":"The collector should be deployed as a Docker container. Download the Docker image of the collector as a .tgz file by clicking the link in the following table:","type":"text"}]},{"type":"table","attrs":{"layout":"default","localId":"94785be3-54fc-4266-9d73-deee265f1451"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[323.0]},"content":[{"type":"paragraph","content":[{"text":"Collector Docker image","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[323.0]},"content":[{"type":"paragraph","content":[{"text":"SHA-256 hash","type":"text","marks":[{"type":"strong"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[323.0]},"content":[{"type":"paragraph","content":[{"text":"collector-collector_cylance_if-docker-image-1.2.0","type":"text","marks":[{"type":"link","attrs":{"href":"https://drive.google.com/file/d/1Suv0_2ZUWQRePd3-EgpYoCvGuiV6TMxe/view?usp=drive_link"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[323.0]},"content":[{"type":"paragraph","content":[{"text":"4fe88014ea8aaef155c304661025b67536db11e161c684e64a7f9deb8d81a355","type":"text","marks":[{"type":"code"}]}]}]}]}]},{"type":"paragraph","content":[{"text":"Use the following command to add the Docker image to the system:","type":"text"}]},{"type":"codeBlock","content":[{"text":"gunzip -c -.tgz | docker load","type":"text"}]},{"type":"panel","attrs":{"panelType":"warning"},"content":[{"type":"paragraph","content":[{"text":"Once the Docker image is imported, it will show the real name of the Docker image (including version info). Replace ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" and ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" with a proper value.","type":"text"}]}]},{"type":"paragraph","content":[{"text":"The Docker image can be deployed on the following services:","type":"text"}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"Docker","type":"text"}]},{"type":"paragraph","content":[{"text":"Execute the following command on the root directory ","type":"text"},{"text":"/devo-collectors//","type":"text","marks":[{"type":"code"}]}]},{"type":"codeBlock","content":[{"text":"docker run \n--name collector- \n--volume $PWD/certs:/devo-collector/certs \n--volume $PWD/config:/devo-collector/config \n--volume $PWD/state:/devo-collector/state \n--env CONFIG_FILE=config.yaml \n--rm \n--interactive \n--tty \n:","type":"text"}]},{"type":"panel","attrs":{"panelType":"warning"},"content":[{"type":"paragraph","content":[{"text":"Replace ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":", ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" and ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" with the proper values.","type":"text"}]}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"Docker Compose","type":"text"}]},{"type":"paragraph","content":[{"text":"The following Docker Compose file can be used to execute the Docker container. It must be created in the ","type":"text"},{"text":"/devo-collectors//","type":"text","marks":[{"type":"code"}]},{"text":" directory.","type":"text"}]},{"type":"codeBlock","content":[{"text":"version: '3'\nservices:\n collector-:\n image: :${IMAGE_VERSION:-latest}\n container_name: collector-\n volumes:\n - ./certs:/devo-collector/certs\n - ./config:/devo-collector/config\n - ./credentials:/devo-collector/credentials\n - ./state:/devo-collector/state\n environment:\n - CONFIG_FILE=${CONFIG_FILE:-config.yaml}","type":"text"}]},{"type":"paragraph","content":[{"text":"To run the container using docker-compose, execute the following command from the ","type":"text"},{"text":"/devo-collectors//","type":"text","marks":[{"type":"code"}]},{"text":" directory:","type":"text"}]},{"type":"codeBlock","content":[{"text":"IMAGE_VERSION= docker-compose up -d","type":"text"}]},{"type":"panel","attrs":{"panelType":"warning"},"content":[{"type":"paragraph","content":[{"text":"Replace ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":", ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" and ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" with the proper values.","type":"text"}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Collector services detail","type":"text"}]},{"type":"paragraph","content":[{"text":"This section is intended to explain how to proceed with specific actions for services.","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Events service","type":"text"}]},{"type":"expand","attrs":{"title":"Verify data collection"},"content":[{"type":"paragraph","content":[{"text":"Once the collector has been launched, it is important to check if the ingestion is performed in a proper way. To do so, go to the collector’s logs console.","type":"text"}]},{"type":"paragraph","content":[{"text":"This service has the following components:","type":"text"}]},{"type":"table","attrs":{"layout":"default","localId":"0fc14022-ade5-4eae-ba9b-eaa9749ea4a9"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[325.0]},"content":[{"type":"paragraph","content":[{"text":"Component","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[325.0]},"content":[{"type":"paragraph","content":[{"text":"Description","type":"text","marks":[{"type":"strong"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[325.0]},"content":[{"type":"paragraph","content":[{"text":"Setup","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[325.0]},"content":[{"type":"paragraph","content":[{"text":"The setup module is in charge of authenticating the service and managing the token expiration when needed.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[325.0]},"content":[{"type":"paragraph","content":[{"text":"Puller","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[325.0]},"content":[{"type":"paragraph","content":[{"text":"The setup module is in charge of pulling the data in a organized way and delivering the events via SDK.","type":"text"}]}]}]}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"Setup output","type":"text"}]},{"type":"paragraph","content":[{"text":"A successful run has the following output messages for the setup module:","type":"text"}]},{"type":"codeBlock","content":[{"text":"INFO InputProcess::CylanceCommonDataPullerSetup(cylance_collector,cylance_common_data_puller#111,devices#predefined) -> Successfully generated new access token. Token is valid till: 2022-10-10 13:02:33\nINFO InputProcess::CylanceCommonDataPullerSetup(cylance_collector,cylance_common_data_puller#111,devices#predefined) -> Previously generated token is still valid. Skipping the generation of new access token \nINFO InputProcess::CylanceCommonDataPullerSetup(cylance_collector,cylance_common_data_puller#111,users#predefined) -> Successfully generated new access token. Token is valid till: 2022-10-10 13:02:33\nINFO InputProcess::CylanceCommonDataPullerSetup(cylance_collector,cylance_common_data_puller#111,devices#predefined) -> Setup for module has been successfully executed\nINFO InputProcess::CylanceCommonDataPullerSetup(cylance_collector,cylance_common_data_puller#111,threats#predefined) -> Successfully generated new access token. Token is valid till: 2022-10-10 13:02:33\nINFO InputProcess::CylanceCommonDataPullerSetup(cylance_collector,cylance_common_data_puller#111,policies#predefined) -> Successfully generated new access token. Token is valid till: 2022-10-10 13:02:33\nINFO InputProcess::CylanceCommonDataPullerSetup(cylance_collector,cylance_common_data_puller#111,detections#predefined) -> Successfully generated new access token. Token is valid till: 2022-10-10 13:02:33\nINFO InputProcess::CylanceCommonDataPullerSetup(cylance_collector,cylance_common_data_puller#111,users#predefined) -> Previously generated token is still valid. Skipping the generation of new access token \nINFO InputProcess::CylanceCommonDataPullerSetup(cylance_collector,cylance_common_data_puller#111,threats#predefined) -> Previously generated token is still valid. Skipping the generation of new access token \nINFO InputProcess::CylanceCommonDataPullerSetup(cylance_collector,cylance_common_data_puller#111,policies#predefined) -> Previously generated token is still valid. Skipping the generation of new access token \nINFO InputProcess::CylanceCommonDataPullerSetup(cylance_collector,cylance_common_data_puller#111,detection_rules#predefined) -> Successfully generated new access token. Token is valid till: 2022-10-10 13:02:33\nINFO InputProcess::CylanceCommonDataPullerSetup(cylance_collector,cylance_common_data_puller#111,detections#predefined) -> Previously generated token is still valid. Skipping the generation of new access token \nINFO InputProcess::CylanceCommonDataPullerSetup(cylance_collector,cylance_common_data_puller#111,users#predefined) -> Setup for module has been successfully executed\nINFO InputProcess::CylanceCommonDataPullerSetup(cylance_collector,cylance_common_data_puller#111,threats#predefined) -> Setup for module has been successfully executed\nINFO InputProcess::CylanceCommonDataPullerSetup(cylance_collector,cylance_common_data_puller#111,policies#predefined) -> Setup for module has been successfully executed\nINFO InputProcess::CylanceCommonDataPullerSetup(cylance_collector,cylance_common_data_puller#111,detection_rules#predefined) -> Previously generated token is still valid. Skipping the generation of new access token \nINFO InputProcess::CylanceCommonDataPullerSetup(cylance_collector,cylance_common_data_puller#111,detections#predefined) -> Setup for module has been successfully executed\nINFO InputProcess::CylanceCommonDataPullerSetup(cylance_collector,cylance_common_data_puller#111,detection_rules#predefined) -> Setup for module has been successfully executed\nINFO InputProcess::CylanceCommonDataPullerSetup(cylance_collector,cylance_common_data_puller#111,detection_exceptions#predefined) -> Successfully generated new access token. Token is valid till: 2022-10-10 13:02:33\nINFO InputProcess::CylanceCommonDataPullerSetup(cylance_collector,cylance_common_data_puller#111,detection_exceptions#predefined) -> Previously generated token is still valid. Skipping the generation of new access token \nINFO InputProcess::CylanceCommonDataPullerSetup(cylance_collector,cylance_common_data_puller#111,detection_exceptions#predefined) -> Setup for module has been successfully executed","type":"text"}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"Puller output","type":"text"}]},{"type":"paragraph","content":[{"text":"A successful initial run has the following output messages for the puller module:","type":"text"}]},{"type":"panel","attrs":{"panelType":"info"},"content":[{"type":"paragraph","content":[{"text":"Note that the ","type":"text"},{"text":"PrePull","type":"text","marks":[{"type":"code"}]},{"text":" action is executed only one time before the first run of the ","type":"text"},{"text":"Pull","type":"text","marks":[{"type":"code"}]},{"text":" action.","type":"text"}]}]},{"type":"codeBlock","content":[{"text":"INFO InputProcess::CylanceUsersDataPuller(cylance_common_data_puller,111,users,predefined) -> Pull Started\nINFO InputProcess::CylanceDetectionDataPuller(cylance_common_data_puller,111,detections,predefined) -> Pull Started\nINFO InputProcess::CylanceDetectionRulesDataPuller(cylance_common_data_puller,111,detection_rules,predefined) -> CylanceDetectionRulesDataPuller(cylance_common_data_puller,111,detection_rules,predefined) Finalizing the execution of pre_pull()\nINFO InputProcess::CylanceUsersDataPuller(cylance_common_data_puller,111,users,predefined) -> Requesting Users data from page: 1 with page size: 200\nWARNING InputProcess::CylanceDetectionExceptionsDataPuller(cylance_common_data_puller,111,detection_exceptions,predefined) -> Persistence has been updated successfully\nINFO InputProcess::CylanceDetectionRulesDataPuller(cylance_common_data_puller,111,detection_rules,predefined) -> Starting data collection every 86400 seconds\nINFO InputProcess::CylanceDetectionDataPuller(cylance_common_data_puller,111,detections,predefined) -> Requesting Devices data from page: 1 and page size: 200\nINFO InputProcess::CylanceDetectionExceptionsDataPuller(cylance_common_data_puller,111,detection_exceptions,predefined) -> CylanceDetectionExceptionsDataPuller(cylance_common_data_puller,111,detection_exceptions,predefined) Finalizing the execution of pre_pull()\nINFO InputProcess::CylanceDetectionRulesDataPuller(cylance_common_data_puller,111,detection_rules,predefined) -> Pull Started\nINFO InputProcess::CylanceDetectionExceptionsDataPuller(cylance_common_data_puller,111,detection_exceptions,predefined) -> Starting data collection every 86400 seconds\nINFO InputProcess::CylanceDetectionRulesDataPuller(cylance_common_data_puller,111,detection_rules,predefined) -> Requesting Detection Rules data from page: 1 with page size: 200\nINFO InputProcess::CylanceDetectionExceptionsDataPuller(cylance_common_data_puller,111,detection_exceptions,predefined) -> Pull Started\nINFO InputProcess::CylanceDetectionExceptionsDataPuller(cylance_common_data_puller,111,detection_exceptions,predefined) -> Requesting Detection Exceptions data from page: 1 with page size: 200\nINFO InputProcess::CylanceDevicesDataPuller(cylance_common_data_puller,111,devices,predefined) -> Total number of Devices: 5\nINFO InputProcess::CylanceDevicesDataPuller(cylance_common_data_puller,111,devices,predefined) -> Requesting detailed info of Devices. This may take a while....\nINFO InputProcess::CylanceUsersDataPuller(cylance_common_data_puller,111,users,predefined) -> Total number of Users: 6\nINFO InputProcess::CylancePoliciesDataPuller(cylance_common_data_puller,111,policies,predefined) -> Total number of Policies: 2\nINFO InputProcess::CylancePoliciesDataPuller(cylance_common_data_puller,111,policies,predefined) -> Requesting detailed info of Policies. This may take a while....\nINFO InputProcess::CylanceDetectionDataPuller(cylance_common_data_puller,111,detections,predefined) -> Total number of Detections: 101\nINFO InputProcess::CylanceDetectionDataPuller(cylance_common_data_puller,111,detections,predefined) -> Removing the duplicate detections if present...\nINFO InputProcess::CylanceDetectionDataPuller(cylance_common_data_puller,111,detections,predefined) -> Requesting detailed info of Detections. This may take a while....\nINFO InputProcess::CylanceDetectionExceptionsDataPuller(cylance_common_data_puller,111,detection_exceptions,predefined) -> Total number of Detection Exceptions: 3\nINFO InputProcess::CylanceDetectionExceptionsDataPuller(cylance_common_data_puller,111,detection_exceptions,predefined) -> Requesting detailed info of Detection Exceptions. This may take a while....\nINFO InputProcess::CylanceThreatsDataPuller(cylance_common_data_puller,111,threats,predefined) -> Total number of Threats: 22\n2INFO InputProcess::CylanceThreatsDataPuller(cylance_common_data_puller,111,threats,predefined) -> Removing the duplicate threats if present...\nINFO InputProcess::CylanceThreatsDataPuller(cylance_common_data_puller,111,threats,predefined) -> Requesting detailed info of Threats. This may take a while....\nINFO InputProcess::CylanceThreatsDataPuller(cylance_common_data_puller,111,threats,predefined) -> Number of Threats sent to Devo: 26\nINFO InputProcess::CylanceThreatsDataPuller(cylance_common_data_puller,111,threats,predefined) -> Statistics for this pull cycle (@devo_pulling_id=1665397954934):Number of requests made: 21; Number of events received: 10; Number of duplicated events filtered out: 0; Number of events generated and sent: 26; Average of events per second: 4.622.\nINFO InputProcess::CylanceThreatsDataPuller(cylance_common_data_puller,111,threats,predefined) -> Requesting Threats data from page: 2 and page size: 200\nINFO InputProcess::CylanceDetectionRulesDataPuller(cylance_common_data_puller,111,detection_rules,predefined) -> Total number of Detection Rules: 175\nINFO InputProcess::CylanceDetectionRulesDataPuller(cylance_common_data_puller,111,detection_rules,predefined) -> Requesting detailed info of Detection Rules. This may take a while....\nINFO InputProcess::CylanceThreatsDataPuller(cylance_common_data_puller,111,threats,predefined) -> Total number of Threats: 22\nINFO InputProcess::CylanceThreatsDataPuller(cylance_common_data_puller,111,threats,predefined) -> Removing the duplicate threats if present...\nINFO InputProcess::CylanceThreatsDataPuller(cylance_common_data_puller,111,threats,predefined) -> Requesting detailed info of Threats. This may take a while....\nINFO InputProcess::CylanceThreatsDataPuller(cylance_common_data_puller,111,threats,predefined) -> Number of Threats sent to Devo: 25\nINFO InputProcess::CylanceThreatsDataPuller(cylance_common_data_puller,111,threats,predefined) -> Statistics for this pull cycle (@devo_pulling_id=1665397954934):Number of requests made: 42; Number of events received: 20; Number of duplicated events filtered out: 0; Number of events generated and sent: 51; Average of events per second: 4.414.\nINFO InputProcess::CylanceThreatsDataPuller(cylance_common_data_puller,111,threats,predefined) -> Requesting Threats data from page: 3 and page size: 200\nINFO InputProcess::CylanceThreatsDataPuller(cylance_common_data_puller,111,threats,predefined) -> Total number of Threats: 22\nINFO InputProcess::CylanceThreatsDataPuller(cylance_common_data_puller,111,threats,predefined) -> Removing the duplicate threats if present...\nINFO InputProcess::CylanceThreatsDataPuller(cylance_common_data_puller,111,threats,predefined) -> Requesting detailed info of Threats. This may take a while....\nINFO InputProcess::CylanceThreatsDataPuller(cylance_common_data_puller,111,threats,predefined) -> Number of Threats sent to Devo: 2\nINFO InputProcess::CylanceThreatsDataPuller(cylance_common_data_puller,111,threats,predefined) -> State last_polled_timestamp is updated with last fetched threat last_found\nINFO InputProcess::CylanceThreatsDataPuller(cylance_common_data_puller,111,threats,predefined) -> Saved state: {'last_polled_timestamp': 1664879686.0, 'historic_date_utc': 1651345434.521, 'sha256_with_same_last_found': ['CCB9502BF8BA5BECF8B758CA04A5625C30B79E2D10D2677CC43AE4253E1288EC'], 'last_found': '2022-10-04T10:34:46', 'last_polled_timestamp_for_current_poll': 1664879686.0, '@persistence_version': 0}\nINFO InputProcess::CylanceThreatsDataPuller(cylance_common_data_puller,111,threats,predefined) -> Statistics for this pull cycle (@devo_pulling_id=1665397954934):Number of requests made: 47; Number of events received: 22; Number of duplicated events filtered out: 0; Number of events generated and sent: 53; Average of events per second: 3.667.\nINFO InputProcess::CylanceThreatsDataPuller(cylance_common_data_puller,111,threats,predefined) -> The data is up to date!\nINFO InputProcess::CylanceThreatsDataPuller(cylance_common_data_puller,111,threats,predefined) -> Data collection completed. Elapsed time: 14.493 seconds. Waiting for 585.507 second(s) until the next one","type":"text"}]},{"type":"paragraph","content":[{"text":"After a successful collector’s execution (that is, no error logs found), you will see the following log message:","type":"text"}]},{"type":"codeBlock","content":[{"text":"INFO InputProcess::CylanceThreatsDataPuller(cylance_common_data_puller,111,threats,predefined) -> Statistics for this pull cycle (@devo_pulling_id=1665397954934):Number of requests made: 47; Number of events received: 22; Number of duplicated events filtered out: 0; Number of events generated and sent: 53; Average of events per second: 3.667.","type":"text"}]},{"type":"panel","attrs":{"panelType":"info"},"content":[{"type":"paragraph","content":[{"text":"The value ","type":"text"},{"text":"@devo_pulling_id","type":"text","marks":[{"type":"code"}]},{"text":" is injected in each event to group all events ingested by the same pull action. You can use it to get the exact events downloaded in that ","type":"text"},{"text":"Pull","type":"text","marks":[{"type":"code"}]},{"text":" action in Devo’s search window.","type":"text"}]}]}]},{"type":"expand","attrs":{"title":"Restart the persistence"},"content":[{"type":"paragraph","content":[{"text":"This collector uses persistent storage to download events in an orderly fashion and avoid duplicates. In case you want to re-ingest historical data or recreate the persistence, you can restart the persistence of this collector by following these steps:","type":"text"}]},{"type":"orderedList","attrs":{"order":1},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Edit the configuration file.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Change the value of the ","type":"text"},{"text":"historic_date_utc","type":"text","marks":[{"type":"code"}]},{"text":" parameter to a different one.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Save the changes.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Restart the collector.","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"The collector will detect this change and will restart the persistence using the parameters of the configuration file or the default configuration in case it has not been provided.","type":"text"}]},{"type":"panel","attrs":{"panelType":"warning"},"content":[{"type":"paragraph","content":[{"text":"Note that this action clears the persistence and cannot be recovered in any way. Resetting persistence could result in duplicate or lost events.","type":"text"}]}]}]},{"type":"expand","attrs":{"title":"Troubleshooting"},"content":[{"type":"paragraph","content":[{"text":"This collector has different security layers that detect both an invalid configuration and abnormal operation. This table will help you detect and resolve the most common errors.","type":"text"}]},{"type":"table","attrs":{"layout":"default","localId":"2f8ce171-e66b-4e47-8818-1e0ba2b1ea88"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[142.0]},"content":[{"type":"paragraph","content":[{"text":"Error type","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"Error ID","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"Error message","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"Cause","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"Solution","type":"text","marks":[{"type":"strong"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":6,"colwidth":[142.0]},"content":[{"type":"paragraph","content":[{"text":"SetupError","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"100","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"Error occurred while requesting access token from the Cylance server","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"Cylance API not working.","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"See collector logs for more info.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"101","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"access token has expired or invalid. status code: 401","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"Invalid or expired token","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"Check credentials given in the configuration.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"102","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"The provided credentials are valid but they do not have the permission to generate access","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"Not enough permissions.","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"Check app permissions in your app.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"103","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"The resource requested is not found","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"Resource not found.","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"Make sure your configuration is properly defined.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"104","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"Unexpected error occurred at the Cylance server","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"Cylance API not working.","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"See collector logs for more info.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"105","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"Error occurred while retrieving users from Cylance server","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"Cylance API not working.","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"See collector logs for more info.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":5,"colwidth":[142.0]},"content":[{"type":"paragraph","content":[{"text":"InitVariablesError","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"10","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"region code specified is not valid. Valid region codes are apne1, au, euc1, sae1. Leave blank if the region is North America","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"Region code is not valid.","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"Change the region code for one of these:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"apne1","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"au","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"euc1","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"sae1","type":"text"}]}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"11","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"Required setting, historic_date_utc not of expected type: str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"historic_date_utc should be string, not a number","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"Change config file for a valid date.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"12","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"Invalid value is provided for the historic_date. Provide the date in %Y-%m-%d %H:%M:%S format.","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"Invalid format","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"Change value in config with a valid format:","type":"text"}]},{"type":"paragraph","content":[{"text":"%Y-%m-%d %H:%M:%S","type":"text","marks":[{"type":"code"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"13","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"Time format for historic date must be %Y-%m-%d %H:%M:%S","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"Invalid format","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"Change value in config with a valid format:","type":"text"}]},{"type":"paragraph","content":[{"text":"%Y-%m-%d %H:%M:%S","type":"text","marks":[{"type":"code"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"14","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"historic datetime cannot be greater than the present UTC time","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"Value of the historic_date_utc is greater than current time.","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"Change historic_date_utc for a valid value.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":6,"colwidth":[142.0]},"content":[{"type":"paragraph","content":[{"text":"PullError","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"300","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"Error occurred while retrieving threats from Cylance server.","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"Cylance API not responding properly.","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"See collector ouput logs.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"302","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"access token has expired or invalid. status code: 401.","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"Invalid token","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"Go to the Cylance console and check app token.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"302","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"The access token does not have valid permissions to perform this request.","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"Enough permissions.","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"Go to the Cylance console and check permissions.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"303","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"The resource requested is not found.","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"Resource you are looking for is not available.","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":" ","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"304","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"Unexpected error occurred at the Cylance server.","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"Unexpected Cylance API response.","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"Check collector logs.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"305","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"After 3 retries still getting the too many requests error.\"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":"You are receiving 429 status code but after wait needed time API isn’t still responding.","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[127.0]},"content":[{"type":"paragraph","content":[{"text":" ","type":"text"}]}]}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Collector operations","type":"text"}]},{"type":"paragraph","content":[{"text":"This section is intended to explain how to proceed with specific operations of this collector.","type":"text"}]},{"type":"expand","attrs":{"title":"Verify collector operations"},"content":[{"type":"heading","attrs":{"level":3},"content":[{"text":"Initialization","type":"text"}]},{"type":"paragraph","content":[{"text":"The initialization module is in charge of setup and running the input (pulling logic) and output (delivering logic) services and validating the given configuration.","type":"text"}]},{"type":"paragraph","content":[{"text":"A successful run has the following output messages for the initializer module:","type":"text"}]},{"type":"codeBlock","content":[{"text":"INFO InputProcess::MainThread -> Validating settings from collector definitions\nINFO InputProcess::MainThread -> Validating settings from user configuration\nINFO OutputProcess::MainThread -> DevoSender(standard_senders,devo_sender_0) -> Starting thread\n2INFO OutputProcess::MainThread -> DevoSenderManagerMonitor(standard_senders,devo_1) -> Starting thread (every 300 seconds)\nINFO OutputProcess::MainThread -> DevoSenderManager(standard_senders,manager,devo_1) -> Starting thread\nINFO OutputProcess::MainThread -> DevoSender(lookup_senders,devo_sender_0) -> Starting thread\nINFO OutputProcess::MainThread -> DevoSenderManagerMonitor(lookup_senders,devo_1) -> Starting thread (every 300 seconds)\nINFO OutputProcess::MainThread -> DevoSenderManager(lookup_senders,manager,devo_1) -> Starting thread\n2INFO OutputProcess::MainThread -> DevoSender(internal_senders,devo_sender_0) -> Starting thread\nINFO OutputProcess::MainThread -> DevoSenderManagerMonitor(internal_senders,devo_1) -> Starting thread (every 300 seconds)\nINFO OutputProcess::MainThread -> DevoSenderManager(internal_senders,manager,devo_1) -> Starting thread","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Events delivery and Devo ingestion","type":"text"}]},{"type":"paragraph","content":[{"text":"The event delivery module is in charge of receiving the events from the internal queues where all events are injected by the pullers and delivering them using the selected compatible delivery method.","type":"text"}]},{"type":"paragraph","content":[{"text":"A successful run has the following output messages for the initializer module:","type":"text"}]},{"type":"codeBlock","content":[{"text":"INFO InputProcess::CylanceUsersDataPuller(cylance_common_data_puller,111,users,predefined) -> Pull Started\nINFO InputProcess::CylanceDetectionDataPuller(cylance_common_data_puller,111,detections,predefined) -> Pull Started\nINFO InputProcess::CylanceDetectionRulesDataPuller(cylance_common_data_puller,111,detection_rules,predefined) -> CylanceDetectionRulesDataPuller(cylance_common_data_puller,111,detection_rules,predefined) Finalizing the execution of pre_pull()\nINFO InputProcess::CylanceUsersDataPuller(cylance_common_data_puller,111,users,predefined) -> Requesting Users data from page: 1 with page size: 200\nWARNING InputProcess::CylanceDetectionExceptionsDataPuller(cylance_common_data_puller,111,detection_exceptions,predefined) -> Persistence has been updated successfully\nINFO InputProcess::CylanceDetectionRulesDataPuller(cylance_common_data_puller,111,detection_rules,predefined) -> Starting data collection every 86400 seconds\nINFO InputProcess::CylanceDetectionDataPuller(cylance_common_data_puller,111,detections,predefined) -> Requesting Devices data from page: 1 and page size: 200\nINFO InputProcess::CylanceDetectionExceptionsDataPuller(cylance_common_data_puller,111,detection_exceptions,predefined) -> CylanceDetectionExceptionsDataPuller(cylance_common_data_puller,111,detection_exceptions,predefined) Finalizing the execution of pre_pull()\nINFO InputProcess::CylanceDetectionRulesDataPuller(cylance_common_data_puller,111,detection_rules,predefined) -> Pull Started\nINFO InputProcess::CylanceDetectionExceptionsDataPuller(cylance_common_data_puller,111,detection_exceptions,predefined) -> Starting data collection every 86400 seconds\nINFO InputProcess::CylanceDetectionRulesDataPuller(cylance_common_data_puller,111,detection_rules,predefined) -> Requesting Detection Rules data from page: 1 with page size: 200\n2INFO InputProcess::CylanceDetectionExceptionsDataPuller(cylance_common_data_puller,111,detection_exceptions,predefined) -> Pull Started\nINFO InputProcess::CylanceDetectionExceptionsDataPuller(cylance_common_data_puller,111,detection_exceptions,predefined) -> Requesting Detection Exceptions data from page: 1 with page size: 200\nINFO InputProcess::CylanceDevicesDataPuller(cylance_common_data_puller,111,devices,predefined) -> Total number of Devices: 5\nINFO InputProcess::CylanceDevicesDataPuller(cylance_common_data_puller,111,devices,predefined) -> Requesting detailed info of Devices. This may take a while....\nINFO InputProcess::CylanceUsersDataPuller(cylance_common_data_puller,111,users,predefined) -> Total number of Users: 6\nINFO InputProcess::CylancePoliciesDataPuller(cylance_common_data_puller,111,policies,predefined) -> Total number of Policies: 2\nINFO InputProcess::CylancePoliciesDataPuller(cylance_common_data_puller,111,policies,predefined) -> Requesting detailed info of Policies. This may take a while....\nINFO InputProcess::CylanceDetectionDataPuller(cylance_common_data_puller,111,detections,predefined) -> Total number of Detections: 101\nINFO InputProcess::CylanceDetectionDataPuller(cylance_common_data_puller,111,detections,predefined) -> Removing the duplicate detections if present...\nINFO InputProcess::CylanceDetectionDataPuller(cylance_common_data_puller,111,detections,predefined) -> Requesting detailed info of Detections. This may take a while....\nINFO InputProcess::CylanceDetectionExceptionsDataPuller(cylance_common_data_puller,111,detection_exceptions,predefined) -> Total number of Detection Exceptions: 3\nINFO InputProcess::CylanceDetectionExceptionsDataPuller(cylance_common_data_puller,111,detection_exceptions,predefined) -> Requesting detailed info of Detection Exceptions. This may take a while....\nINFO InputProcess::CylanceThreatsDataPuller(cylance_common_data_puller,111,threats,predefined) -> Total number of Threats: 22\nINFO InputProcess::CylanceThreatsDataPuller(cylance_common_data_puller,111,threats,predefined) -> Removing the duplicate threats if present...\nINFO InputProcess::CylanceThreatsDataPuller(cylance_common_data_puller,111,threats,predefined) -> Requesting detailed info of Threats. This may take a while....\nINFO InputProcess::CylanceThreatsDataPuller(cylance_common_data_puller,111,threats,predefined) -> Number of Threats sent to Devo: 26\nINFO InputProcess::CylanceThreatsDataPuller(cylance_common_data_puller,111,threats,predefined) -> Statistics for this pull cycle (@devo_pulling_id=1665397954934):Number of requests made: 21; Number of events received: 10; Number of duplicated events filtered out: 0; Number of events generated and sent: 26; Average of events per second: 4.622.\nINFO InputProcess::CylanceThreatsDataPuller(cylance_common_data_puller,111,threats,predefined) -> Requesting Threats data from page: 2 and page size: 200\nINFO InputProcess::CylanceDetectionRulesDataPuller(cylance_common_data_puller,111,detection_rules,predefined) -> Total number of Detection Rules: 175\nINFO InputProcess::CylanceDetectionRulesDataPuller(cylance_common_data_puller,111,detection_rules,predefined) -> Requesting detailed info of Detection Rules. This may take a while....\nINFO InputProcess::CylanceThreatsDataPuller(cylance_common_data_puller,111,threats,predefined) -> Total number of Threats: 22\nINFO InputProcess::CylanceThreatsDataPuller(cylance_common_data_puller,111,threats,predefined) -> Removing the duplicate threats if present...\nINFO InputProcess::CylanceThreatsDataPuller(cylance_common_data_puller,111,threats,predefined) -> Requesting detailed info of Threats. This may take a while....\nINFO InputProcess::CylanceThreatsDataPuller(cylance_common_data_puller,111,threats,predefined) -> Number of Threats sent to Devo: 25\nINFO InputProcess::CylanceThreatsDataPuller(cylance_common_data_puller,111,threats,predefined) -> Statistics for this pull cycle (@devo_pulling_id=1665397954934):Number of requests made: 42; Number of events received: 20; Number of duplicated events filtered out: 0; Number of events generated and sent: 51; Average of events per second: 4.414.\nINFO InputProcess::CylanceThreatsDataPuller(cylance_common_data_puller,111,threats,predefined) -> Requesting Threats data from page: 3 and page size: 200\nINFO InputProcess::CylanceThreatsDataPuller(cylance_common_data_puller,111,threats,predefined) -> Total number of Threats: 22\nINFO InputProcess::CylanceThreatsDataPuller(cylance_common_data_puller,111,threats,predefined) -> Removing the duplicate threats if present...\nINFO InputProcess::CylanceThreatsDataPuller(cylance_common_data_puller,111,threats,predefined) -> Requesting detailed info of Threats. This may take a while....\nINFO InputProcess::CylanceThreatsDataPuller(cylance_common_data_puller,111,threats,predefined) -> Number of Threats sent to Devo: 2\nINFO InputProcess::CylanceThreatsDataPuller(cylance_common_data_puller,111,threats,predefined) -> State last_polled_timestamp is updated with last fetched threat last_found\nINFO InputProcess::CylanceThreatsDataPuller(cylance_common_data_puller,111,threats,predefined) -> Saved state: {'last_polled_timestamp': 1664879686.0, 'historic_date_utc': 1651345434.521, 'sha256_with_same_last_found': ['CCB9502BF8BA5BECF8B758CA04A5625C30B79E2D10D2677CC43AE4253E1288EC'], 'last_found': '2022-10-04T10:34:46', 'last_polled_timestamp_for_current_poll': 1664879686.0, '@persistence_version': 0}\nINFO InputProcess::CylanceThreatsDataPuller(cylance_common_data_puller,111,threats,predefined) -> Statistics for this pull cycle (@devo_pulling_id=1665397954934):Number of requests made: 47; Number of events received: 22; Number of duplicated events filtered out: 0; Number of events generated and sent: 53; Average of events per second: 3.667.\nINFO InputProcess::CylanceThreatsDataPuller(cylance_common_data_puller,111,threats,predefined) -> The data is up to date!\nINFO InputProcess::CylanceThreatsDataPuller(cylance_common_data_puller,111,threats,predefined) -> Data collection completed. Elapsed time: 14.493 seconds. Waiting for 585.507 second(s) until the next one","type":"text"}]},{"type":"panel","attrs":{"panelType":"info"},"content":[{"type":"paragraph","content":[{"text":"By default, these information traces will be displayed every 10 minutes.","type":"text"}]}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"Sender services","type":"text"}]},{"type":"paragraph","content":[{"text":"The Integrations Factory Collector SDK has 3 different senders services depending on the event type to delivery (","type":"text"},{"text":"internal","type":"text","marks":[{"type":"code"}]},{"text":", ","type":"text"},{"text":"standard","type":"text","marks":[{"type":"code"}]},{"text":", and ","type":"text"},{"text":"lookup","type":"text","marks":[{"type":"code"}]},{"text":"). This collector uses the following Sender Services:","type":"text"}]},{"type":"table","attrs":{"layout":"default","localId":"6bd704ef-0e1e-4407-992c-002264d15132"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[325.0]},"content":[{"type":"paragraph","content":[{"text":"Sender services","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[325.0]},"content":[{"type":"paragraph","content":[{"text":"Description","type":"text","marks":[{"type":"strong"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[325.0]},"content":[{"type":"paragraph","content":[{"text":"internal_senders","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[325.0]},"content":[{"type":"paragraph","content":[{"text":"In charge of delivering internal metrics to Devo such as logging traces or metrics.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[325.0]},"content":[{"type":"paragraph","content":[{"text":"standard_senders","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[325.0]},"content":[{"type":"paragraph","content":[{"text":"In charge of delivering pulled events to Devo.","type":"text"}]}]}]}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"Sender statistics","type":"text"}]},{"type":"paragraph","content":[{"text":"Each service displays its own performance statistics that allow checking how many events have been delivered to Devo by type:","type":"text"}]},{"type":"table","attrs":{"layout":"default","localId":"b4ce6589-85aa-4583-b31b-545216de40ff"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[325.0]},"content":[{"type":"paragraph","content":[{"text":"Logging trace","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[325.0]},"content":[{"type":"paragraph","content":[{"text":"Description","type":"text","marks":[{"type":"strong"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[325.0]},"content":[{"type":"paragraph","content":[{"text":"Number of available senders: 1","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[325.0]},"content":[{"type":"paragraph","content":[{"text":"Displays the number of concurrent senders available for the given Sender Service.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[325.0]},"content":[{"type":"paragraph","content":[{"text":"sender manager internal queue size: 0","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[325.0]},"content":[{"type":"paragraph","content":[{"text":"Displays the items available in the internal sender queue.","type":"text"}]},{"type":"panel","attrs":{"panelType":"info"},"content":[{"type":"paragraph","content":[{"text":"This value helps detect bottlenecks and needs to increase the performance of data delivery to Devo. This last can be made by increasing the concurrent senders.","type":"text"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[325.0]},"content":[{"type":"paragraph","content":[{"text":"Total number of messages sent: 44, messages sent since \"2022-06-28 10:39:22.511671+00:00\": 21 (elapsed 0.007 seconds)","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[325.0]},"content":[{"type":"paragraph","content":[{"text":"Displayes the number of events from the last time and following the given example, the following conclusions can be obtained:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"44 events were sent to Devo since the collector started.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"The last checkpoint timestamp was ","type":"text"},{"text":"2022-06-28 10:39:22.511671+00:00","type":"text","marks":[{"type":"code"}]},{"text":".","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"21 events where sent to Devo between the last UTC checkpoint and now.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Those 21 events required ","type":"text"},{"text":"0.007 seconds","type":"text","marks":[{"type":"code"}]},{"text":" to be delivered.","type":"text"}]}]}]},{"type":"panel","attrs":{"panelType":"info"},"content":[{"type":"paragraph","content":[{"text":"By default these traces will be shown every 10 minutes.","type":"text"}]}]}]}]}]}]},{"type":"expand","attrs":{"title":"Check memory usage"},"content":[{"type":"paragraph","content":[{"text":"To check the memory usage of this collector, look for the following log records in the collector which are displayed every 5 minutes by default, always after running the memory-free process.","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"The used memory is displayed by running processes and the sum of both values will give the total used memory for the collector.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"The global pressure of the available memory is displayed in the ","type":"text"},{"text":"global","type":"text","marks":[{"type":"code"}]},{"text":" value.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"All metrics (Global, RSS, VMS) include the value before freeing and after ","type":"text"},{"text":"previous -> after freeing memory","type":"text","marks":[{"type":"code"}]}]}]}]},{"type":"codeBlock","content":[{"text":"INFO InputProcess::MainThread -> [GC] global: 20.4% -> 20.4%, process: RSS(34.50MiB -> 34.08MiB), VMS(410.52MiB -> 410.02MiB)\nINFO OutputProcess::MainThread -> [GC] global: 20.4% -> 20.4%, process: RSS(28.41MiB -> 28.41MiB), VMS(705.28MiB -> 705.28MiB)","type":"text"}]},{"type":"panel","attrs":{"panelType":"info"},"content":[{"type":"paragraph","content":[{"text":"Differences between ","type":"text"},{"text":"RSS","type":"text","marks":[{"type":"code"}]},{"text":" and ","type":"text"},{"text":"VMS","type":"text","marks":[{"type":"code"}]},{"text":" memory usage:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"RSS","type":"text","marks":[{"type":"code"}]},{"text":" is the Resident Set Size, which is the actual physical memory the process is using","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"VMS","type":"text","marks":[{"type":"code"}]},{"text":" is the Virtual Memory Size which is the virtual memory that process is using","type":"text"}]}]}]}]}]},{"type":"expand","attrs":{"title":"Enable/disable the logging debug mode"},"content":[{"type":"paragraph","content":[{"text":"Sometimes it is necessary to activate the debug mode of the collector's logging. This debug mode increases the verbosity of the log and allows you to print execution traces that are very helpful in resolving incidents or detecting bottlenecks in heavy download processes.","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"To enable this option you just need to edit the configuration file and change the debug_status parameter from false to true and restart the collector.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"To disable this option, you just need to update the configuration file and change the debug_status parameter from true to false and restart the collector.","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"For more information, visit the configuration and parameterization section corresponding to the chosen deployment mode.","type":"text"}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Change log","type":"text"}]},{"type":"table","attrs":{"layout":"default","width":760.0,"localId":"c8f27ee9-d9a7-4239-b4a4-46ff9d9efa5a"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[130.0]},"content":[{"type":"paragraph","content":[{"text":"Release","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[171.0]},"content":[{"type":"paragraph","content":[{"text":"Released on","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[169.0]},"content":[{"type":"paragraph","content":[{"text":"Release type","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[290.0]},"content":[{"type":"paragraph","content":[{"text":"Details","type":"text","marks":[{"type":"strong"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[130.0]},"content":[{"type":"paragraph","content":[{"text":"v1.2.0","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[171.0]},"content":[{"type":"paragraph","content":[{"type":"date","attrs":{"timestamp":"1698364800000"}}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[169.0]},"content":[{"type":"paragraph","content":[{"type":"status","attrs":{"color":"green","style":"bold","text":"IMPROVEMENTS","localId":"9ddbc109-9033-43b7-8e9a-f848e9ea94cc"}}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[290.0]},"content":[{"type":"paragraph","content":[{"text":"Improvements","type":"text","marks":[{"type":"strong"}]}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Upgraded DCSDK from 1.9.1. to 1.9.2","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Upgraded Dependencies","type":"text"}]}]}]}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[130.0]},"content":[{"type":"paragraph","content":[{"text":"v1.1.0","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[171.0]},"content":[{"type":"paragraph","content":[{"type":"date","attrs":{"timestamp":"1661731200000"}}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[169.0]},"content":[{"type":"paragraph","content":[{"type":"status","attrs":{"color":"green","style":"bold","text":"IMPROVEMENT","localId":"279b422c-e966-4aa3-84bf-04e178be9f97"}}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[290.0]},"content":[{"type":"paragraph","content":[{"text":"Improvements","type":"text","marks":[{"type":"strong"}]}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Upgraded DCSDK from 1.4.2 to 1.9.1","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Store lookup instances into DevoSender to avoid creation of new instances for the same lookup","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Ensure service_config is a dict into templates","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Ensure special characters are properly sent to the platform","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Changed log level to some messages from info to debug","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Changed some wrong log messages","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Upgraded some internal dependencies","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Changed queue passed to setup instance constructor","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"New “templates” functionality","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Functionality for detecting some system signals for starting the controlled stopping","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Input objects sends again the internal messages to devo.collectors.out table","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Upgraded DevoSDK to version 3.6.4 to fix a bug related to a connection loss with Devo","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Refactored source code structure","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Changed way of executing the controlled stopping","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Minimized probabilities of suffering a DevoSDK bug related to “sender” to be null","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Ability to validate collector setup and exit without pulling any data","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Ability to store in the persistence the messages that couldn’t be sent after the collector stopped","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Ability to send messages from the persistence when the collector starts and before the puller begins working","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Ensure special characters are properly sent to the platform","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Added a lock to enhance sender object","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Added new class attrs to the ","type":"text"},{"text":"setstate","type":"text","marks":[{"type":"code"}]},{"text":" and ","type":"text"},{"text":"getstate","type":"text","marks":[{"type":"code"}]},{"text":" queue methods","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Fix sending attribute value to the ","type":"text"},{"text":"setstate","type":"text","marks":[{"type":"code"}]},{"text":" and ","type":"text"},{"text":"getstate","type":"text","marks":[{"type":"code"}]},{"text":" queue methods","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Added log traces when queues are full and have to wait","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Added log traces of queues time waiting every minute in debug mode","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Added method to calculate queue size in bytes","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Block incoming events in queues when there are no space left","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Send telemetry events to Devo platform","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Upgraded internal Python dependency Redis to v4.5.4","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Upgraded internal Python dependency DevoSDK to v5.1.3","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Fixed obfuscation not working when messages are sent from templates","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"New method to figure out if a puller thread is stopping","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Upgraded internal Python dependency DevoSDK to v5.0.6","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Improved logging on messages/bytes sent to Devo platform","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Fixed wrong bytes size calculation for queues","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"New functionality to count bytes sent to Devo Platform (shown in console log)","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Upgraded internal Python dependency DevoSDK to v5.0.4","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Fixed bug in persistence management process, related to persistence reset","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Aligned source code typing to be aligned with Python 3.9.x","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Inject environment property from user config","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Obfuscation service can be now configured from user config and module definition","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Obfuscation service can now obfuscate items inside arrays","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Ensure special characters are properly sent to the platform","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Changed log level to some messages from info to debug","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Changed some wrong log messages","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Upgraded some internal dependencies","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Changed queue passed to setup instance constructor","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Added log traces for knowing the execution environment status (debug mode)","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Fixes in the current puller template version","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Docker container exits with the proper error code","type":"text"}]}]}]}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[130.0]},"content":[{"type":"paragraph","content":[{"text":"v1.0.0","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[171.0]},"content":[{"type":"paragraph","content":[{"type":"date","attrs":{"timestamp":"1664755200000"}}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[169.0]},"content":[{"type":"paragraph","content":[{"type":"status","attrs":{"color":"purple","style":"bold","text":"NEW FEATURE","localId":"a7359b92-f20a-4e84-8f32-ae0bba558b55"}},{"text":" ","type":"text"},{"type":"hardBreak"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[290.0]},"content":[{"type":"paragraph","content":[{"text":"Retrieve data for Blackberry Cylance services:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Threats","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Devices","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Policies","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Users","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Detections","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Detections Rules","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Detection Exceptions","type":"text"}]}]}]}]}]}]}],"version":1}

Browser not supported