Skip to main content
The Halcyon integration syncs anti-ransomware alerts and endpoint data from Halcyon into Wirespeed, including:
  • Ransomware detections: Malicious executables, brute force attempts, vulnerable drivers, and more
  • Artifact enrichment: SHA256 hashes, file paths, IPs, and DNS records are automatically extracted for further enrichment
  • Endpoint inventory: Devices with the Halcyon agent installed are synced as endpoints

Prerequisites

Before setting up this integration, ensure you have:
  1. A Halcyon account with admin privileges
  2. Your Halcyon account username and password
  3. Your Tenant ID (if using a multi-tenant or MSSP setup)

Step 1: Gather Your Credentials

You will need the following information from your Halcyon account:
FieldDescription
UsernameYour Halcyon admin account username
PasswordYour Halcyon admin account password
Tenant ID(Optional) Your Halcyon tenant UUID. Required for multi-tenant or MSSP setups.
Your credentials provide access to your Halcyon tenant. Store them securely and use an account dedicated to the Wirespeed integration when possible.

Step 2: Add the Integration in Wirespeed

  1. Log in to Wirespeed
  2. Navigate to IntegrationsAdd Integration
  3. Search for and select Halcyon
  4. Enter your Username, Password, and optionally your Tenant ID
  5. Click Integrate to complete the setup

What Gets Synced?

Alerts (Detections)

Wirespeed ingests alerts from Halcyon. Each alert is enriched with:
  • Artifacts: File hashes (SHA256), file paths, IP addresses, and DNS records from the alert
  • Assets: Affected devices associated with the alert
SHA256 hashes extracted from Halcyon artifacts are automatically enriched by other integrations like ReversingLabs when available.

Devices (Endpoints)

All devices with the Halcyon agent are synced as endpoints, including hostname, operating system, and online status.

Troubleshooting

Authentication Errors

If you see authentication errors:
  1. Verify your username and password are correct
  2. Ensure your account has admin privileges
  3. If using a multi-tenant setup, confirm the Tenant ID is correct

No Alerts Appearing

If alerts aren’t showing up:
  1. Alerts may take a few minutes to appear after initial setup
  2. The initial sync pulls up to the last 90 days of alerts
  3. Verify that alerts exist in your Halcyon console

Additional Resources