Skip to main content
Skip table of contents

LSO: Syslog - Cylance (Mapping Doc)

This document explains the changes required to switch over and upgrade to the Syslog - Cylance Optics Detection\Protect Events log source type, and to enable new Message Processing Engine (MPE) rules developed during the Log Source Optimization (LSO) project. 


  • Download and apply the Knowledge Base. For more information, see KB Synchronization Settings for LSO.

  • Enable the new MPE rules in the LogRhythm System Monitor.
    • Select log source type Syslog - Cylance Optics Detection\Protect Events.

      When you select the log source type Syslog - Cylance Optics Detection\Protect Events, the log processing policy LogRhythm Default v2.0 is automatically enabled. 

Supported Log Messages

The following table lists the log message types supported in the current MPE rules. Each page contains detailed information on parsing changes and new log processing settings.

Log Message Type

Event Type

Add Device To Zone (Audit Event)

Audit Event
Add Device To Zone (Device Event)Device Event
Application Control MessagesAppControl Event
Catch All : Level 1N/A
Catch All : Level 2N/A
CylanceOPTICS : File EventsFile Event
CylanceOPTICS : Memory EventsMemory Event
CylanceOPTICS : Network EventsNetwork Event
CylanceOPTICS : Process EventsProcess Event
CylanceOPTICS : Registry EventsRegistry Event
Device EditAudit Event
Device Policy AssignedDevice Event
Device Policy ChangedDevice Event
Device RegistrationDevice Event
Device RemovedDevice Event
Exploit AttemptMemory Exploit Event
Global Threat QuarantineAudit Event
Last Message RepeatedN/A
Policy EditAudit Event
Scan MessagesThreat Event
Script Control MessagesScript Control Event
System Security MessagesDevice Event
Test Connection MessageN/A
Threat Classification MessagesThreat Classification Event
Threat Data Report DownloadAudit Event
Threat MessagesThreat Event
Threat Safe ListAudit Event
USB Device BlockedDevice Control Event
User AddedAudit Event
User LoginAudit Event
User RemovedAudit Event
Zone EditAudit Event
Zone Rule EditAudit Event

Log Processing Policy Updates

This section details log processing policy updates made to AIE Rules, system reports and templates, tails, and investigations as part of LSO.

Updates to AIE Rules

  • No changes

Updates to System Reports

  • No changes

Updates to System Investigations

  • No changes

Updates to System Report Templates

  • No changes

Updates to System Tails

  • No changes

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.