- Overview
- CylanceON-PREM architecture
- Steps to get Start with CylanceON-PREM
- Requirements: CylanceON-PREM
- Configuring the CylanceON-PREM virtual appliance
- Configuring the console
- Log in to CylanceON-PREM
- Administrative dashboard
- Filter lists
- Export lists
- Policies
- Setting up the CylancePROTECT agent
- Device management
- Threat management
- Global lists
- Administration
- Managing users
- Managing roles
- Update profile information
- Audit logs
- Managing Certificates
- Setting up email notifications
- Settings
- Upgrade CylanceON-PREM
- Reboot the virtual appliance
- Configure session timeout
- Update CylanceON-PREM SSL certificate version 1.3.1 and later
- Update CylanceON-PREM SSL certificate version 1.2.2.1 and earlier
- Change the certificate cipher mode
- Enable maintenance mode
- Change network settings
- Check an IP address
- Change the log level
- Download logs
- Configure syslog/SIEM settings
- Update database connection settings
- Configure active directory
- Configure identity provider settings
- Using certificate-based authentication
- Add a banner to the login screen
- Applications
- CylanceON-PREM API
- Troubleshooting
- Agent not communicating with CylanceON-PREM
- Web browser reports insecure webpage
- Unable to connect to external database
- Configure static IP using the OVF tool
- Remote server 404 error in log files
- Log in with a local administrator account
- Online Certificate Status Protocol issues
- A user is not receiving email notifications
- Before you contact support
Audit logs
You can review the audit log for information on various actions performed from the
CylanceON-PREM
console. You can view audit logs by clicking Audit Logs
on the menu bar of the console. When you deploy
CylanceON-PREM
for the first time, it creates a system account (First Name=system and Email=system@onprem.local) that is used in Audit Logs to identify actions taken by the system versus actions taken by a CylanceON-PREM
user. For example, the system account is used when the system applies a policy to a device as a result of a policy rules match.Event | Actions |
|---|---|
Agent Update | Edit |
Device | Edit, delete |
Global List | Create, delete |
Login | Success, failure |
Logout | Success, failure |
Policy | Create, edit, delete |
Policy Rule | Create, edit, delete, auto policy applied The Audit Log will have one entry per device when a rule is automatically applied because conditions were met. |
Role | Create, update, delete |
Tag | Create, update, delete, assigned |
Tag Rule | Create, update, delete, auto tag applied The Audit Log will have one entry per device when a rule is automatically applied because conditions were met. |
Threat | Quarantine, waive, global quarantine, safe list |
User | Create, edit, delete, assigned |
Virtual Appliance Update | Enable or disable maintenance mode |
To filter entries in this list to find information faster, click 
.
.To export entries in this list to use in other applications, click 
.
.