Catch All : Level 1 (Syslog - Cylance Optics Detection\Protect Events)

Vendor Documentation


Classification

| Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| Catch All : Level 1 | Base Rule | Information | General Information |
| General Emergency | Sub Rule | Critical | General Emergency Log Message |
| General Alert | Sub Rule | Critical | General Alert |
| General Critical | Sub Rule | Critical | General Critical |
| General Warning | Sub Rule | Warning | General Warning |
| General Debug | Sub Rule | Information | General Debug Message |
| General Notice | Sub Rule | Information | General Notice |
| General Information | Sub Rule | Information | General Information |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| N/A | <severity> | Text/String |
| N/A | <tag1> | Text/String |