DEVELOPERS BLOG

Introducing the Cylance Go Developer Sample

The BlackBerry Cylance API allows developers to request the status of their Cylance workspace through dozens of endpoints, including Users, Devices, Zones, Detections, Threats, and InstaQueries. With this API, nearly the entire Cylance web console can be recreated on any platform and in any language.

This sample application is provided to show developers how to harness both the portability of a React-Native code base and the convenience of having their Cylance console on mobile. It includes a library for making Cylance RESTful calls, which the React-Native application leverages. The goal of this application is for developers to extend it, either by modifying it for their use cases or by taking it apart for learning purposes.

In this blog you will see a preview of the application and its accompanying Notification/SYSLOG server, which allows users to act on threats in real time.

Both the app and its accompanying server are available on the BlackBerry public GitHub page here.

Features of React-Native application

The React-Native application implements the following functionality of the API/Web Console: 

Figure 1 - Cylance Go Threats Page
Figure 2 - Cylance Go Users Page
Figure 3 - Cylance Go InstaQuery
Figure 4 - Lockdown device page
  • Getting and Displaying Users, and on-select more information is presented.
  • Getting and Displaying Devices, and on-select details, SysLog detections (from the accompanying Notification/Syslog Server) for that device, and Cylance Detection summaries are shown.
  • Getting and Displaying Threats, and on-select more details are presented.
  • Getting and Displaying Detections, from both the accompanying SysLog Server and from Cylance’s Detection summaries.
  • Creating InstaQueries and viewing their results.
  • Authentication page for your Integration Credentials (Tenant Id, Application Id, Application Secret)
  • Locking down devices for a user-defined amount of time when the device triggers a threat
  • A Settings page for:
    • Signing out (deleting your API token which has a 30-minute expiry)
    • Connecting to your Notification Server/Syslog Server (included with the sample)
    • Enabling and Disabling Notifications to your physical device.
Figure 5 - Cylance Go Settings

Features of the Notification/Syslog Server

Note: The Notification/Syslog Server is not required to run or use the React-Native application. You can simply not use it.

The accompanying Node.js Server provides two major features:

  1. Notification management, which is configured with your Firebase Cloud Messaging (FCM) credentials

    What does it do?

    • Register Devices for Notifications
    • De-register Devices from Notifications
    • Send Push Notifications via Firebase Cloud Messaging on SysLog Detection.
       
  2. Capturing your BlackBerry Optics SysLogs, as configured in your Cylance console settings (see figure 4)

    What does it do?

    • Stores the incoming SysLog detections in a local database.
    • Serves a RESTful API for the React-Native app to access them.
Figure 5b - BlackBerry Protect Console Syslog Configuration

How does it all work together?

We’ve put together a diagram showing how the many components in this developer sample work together. Follow the flow from steps one to ten.

In step one, BlackBerry® Optics has found a threat on a device. This threat was automatically sent to the BlackBerry® Protect console. Once it was flagged by the accompanying Syslog/Notification Server, a notification was sent to all registered devices.  

In step ten, our end user has been notified of the threat and has chosen to lock down the device.

Beyond this Introduction

Using this application as a developer

The purpose of this application is to allow the developer community to build off it and create use cases that are valuable to them. The application will be available open source under the Apache 2.0 License. Take it apart. Rip out a module. Learn from it!

If you want to learn how to configure and run this application, instructions are provided in the README.md files that accompany the source code of the App/Server on BlackBerry’s GitHub.

While this is a high-level overview of the application, accompanying blogs will be released in due time that focus more on configuration, setup, and code. Keep an eye out for more blogs on this topic.

Thanks for reading!

Matthew Falkner

About Matthew Falkner

I work in Enterprise Solutions Development at BlackBerry.