Scan Messages
Log Fields and Parsing
This section details the log fields available in this log message type, along with values parsed for both LogRhythm Default and LogRhythm Default v2.0 policies. A value of "N/A" (not applicable) means that there is no value parsed for a specified log field.
| Log Field | LogRhythm Default | LogRhythm Default v2.0 |
|---|---|---|
| N/A | <severity> | N/A |
| Auto Run | N/A | N/A |
| Cylance Score | <amount> | <severity> |
| Detected By | <process> | N/A |
| Device Name | <dname> | <dname> |
| Drive Type | N/A | N/A |
| Event Name | <vmid> | <action>, <tag1> |
| Event Type | N/A | <vmid> |
| File Name | <object> | <object> |
| File Type | <subject> | N/A |
| Found Date | N/A | N/A |
| IP Address | <dip> | <dip> |
| Is Malware | N/A | N/A |
| Is Running | N/A | N/A |
| Is Unique to Cylance | N/A | N/A |
| MD5 | N/A | N/A |
| Path | <url> | N/A |
| SHA256 | <hash>, <objectname> | <hash> |
| Status | <command>, <tag1> | <status> |
| Threat Classification | N/A | <threatname> |
| Zone Names | N/A | N/A |
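As an added example (not part of the LogRhythm documentation or the Cylance product), the Python below applies the LogRhythm Default v2.0 column of the table above to a constructed scan message. The "Key: Value, Key: Value" line layout, the sample field values, and the function names `parse_scan_message` and `to_v2_metadata` are assumptions; the SHA256 format check is a sanity check a practitioner would add, not part of the policy.

```python
import re

# Field names from the Log Field column of the table above (assumed to be the
# literal keys Cylance emits in its "Key: Value, Key: Value" scan message).
KNOWN_FIELDS = [
    "Auto Run", "Cylance Score", "Detected By", "Device Name", "Drive Type",
    "Event Name", "Event Type", "File Name", "File Type", "Found Date",
    "IP Address", "Is Malware", "Is Running", "Is Unique to Cylance", "MD5",
    "Path", "SHA256", "Status", "Threat Classification", "Zone Names",
]
# Log Field -> LogRhythm Default v2.0 metadata tag(s), from the table above.
# Fields the v2.0 policy parses as N/A are deliberately absent.
V2_TAGS = {
    "Cylance Score": ["severity"], "Device Name": ["dname"],
    "Event Name": ["action", "tag1"], "Event Type": ["vmid"],
    "File Name": ["object"], "IP Address": ["dip"], "SHA256": ["hash"],
    "Status": ["status"], "Threat Classification": ["threatname"],
}
_KEY = "|".join(re.escape(f) for f in KNOWN_FIELDS)
# A comma only ends a value when a known "Key: " follows it, so commas inside
# file names or zone lists do not split a field.
_PAIR_RE = re.compile(rf"(?:^|, )(?P<key>{_KEY}): (?P<value>.*?)(?=, (?:{_KEY}): |$)")

def parse_scan_message(line):
    """Split one scan message into its raw Cylance fields."""
    return {m.group("key"): m.group("value") for m in _PAIR_RE.finditer(line)}

def to_v2_metadata(fields):
    """Apply the v2.0 column of the table; returns (metadata, warnings)."""
    meta, warnings = {}, []
    for field, value in fields.items():
        for tag in V2_TAGS.get(field, []):
            meta[tag] = value
    # Sanity check added here, not part of the policy: only a well-formed
    # 64-hex-digit SHA256 should populate <hash>, since analysts pivot on it.
    if "hash" in meta and not re.fullmatch(r"[0-9a-fA-F]{64}", meta["hash"]):
        warnings.append(f"SHA256 field is not a valid SHA256: {meta.pop('hash')!r}")
    return meta, warnings

# Constructed sample (not a real Cylance log); the comma in the file name and
# in the zone list is what the lookahead split above guards against.
SAMPLE_LINE = (
    "Event Type: Threat, Event Name: threat_found, Device Name: WS-0042, "
    "IP Address: 10.0.0.5, File Name: bad, name.exe, Path: C:\\Temp\\, "
    "SHA256: 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef, "
    "Status: Quarantined, Cylance Score: 100, Threat Classification: Malware, "
    "Zone Names: Zone A, Zone B"
)
```

Running `to_v2_metadata(parse_scan_message(SAMPLE_LINE))` yields the v2.0 tags only; `Path` is dropped because the v2.0 column lists it as N/A.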
Log Processing Settings
This section details log processing changes made from the LogRhythm Default policy to LogRhythm Default v2.0. In some cases, base rules are broken down into sub-rules to appropriately parse log message types by their event types.
LogRhythm Default
| Regex ID | Rule Name | Rule Type | Common Events | Classifications |
|---|---|---|---|---|
| 1007398 | Scan Messages | Base Rule | Possible Malware Activity | Malware |
| | Quarantined File | Sub Rule | Quarantine | Activity |
| | Unsafe File | Sub Rule | Possible Malware Activity | Malware |
| | Abnormal File | Sub Rule | Possible Malware Activity | Malware |
| | Cleared File | Sub Rule | Failed Malware Activity | Failed Malware |
| | Corrupt File | Sub Rule | Data Corrupt | Warning |
| | Waived File | Sub Rule | Failed Malware Activity | Failed Malware |
LogRhythm Default v2.0
| Regex ID | Rule Name | Rule Type | Common Events | Classifications |
|---|---|---|---|---|
| 1011407 | V 2.0 : Cylance Protect : Threat Events | Base Rule | General Threat Message | Activity |
| | V 2.0 : Cylance Protect : Threat Found | Sub Rule | Detected Malware Activity | Malware |
| | V 2.0 : Cylance Protect : Threat Cleared | Sub Rule | Failed Malware Activity | Failed Malware |
| | V 2.0 : Cylance Protect : Threat Quarantined | Sub Rule | Failed Malware Activity | Failed Malware |
| | V 2.0 : Cylance Protect : Threat Waived | Sub Rule | General Security | Other Security |
| | V 2.0 : Cylance Protect : Threat Changed | Sub Rule | General Security | Other Security |
| | V 2.0 : Cylance Protect : Corrupt File | Sub Rule | General Antivirus Error | Error |