Skip to main content
Skip table of contents

Syslog - Cylance Optics Detection\Protect Events

BlackBerry Cylance develops artificial intelligence to deliver prevention-first, predictive security products, and smart, simple, secure solutions that change how organizations approach endpoint security. BlackBerry Cylance provides full-spectrum predictive threat prevention and visibility across the enterprise to combat the most notorious and advanced cybersecurity attacks, fortifying endpoints to promote security hygiene in the security operations centre, throughout global networks, and even on employees’ home networks. With AI-based malware prevention, threat hunting, automated detection and response, and expert security services, BlackBerry Cylance protects the endpoint without increasing staff workload or costs.

Device Details

Device NameCylance Syslog
VendorBlackBerry
Device TypeEndpoint Security & Threat Prevention
Supported Model Name/NumberN/A
Supported Software VersionAll
Collection MethodSyslog
Configurable Log OutputN/A
Log Source TypeSyslog - Cylance Optics Detection\Protect Events
Log Processing PolicyLogRhythm Default v2.0
ExceptionsN/A
Additional Informationhttps://docs.blackberry.com/content/dam/docs-blackberry-com/release-pdfs/en/cylance-products/syslog-guides/Cylance%20Syslog%20Guide%20v2.0%20rev12.pdf

Supported Log Messages

(List of LR Tags used to parse the log information for each message type)

Type

Product Version

Supported Schema Fields

V 2.0: Cylance Optics: Process Threat Detected

N/A<policy>, <serialnumber>, <dname>, <vmid>, <parentprocessname>, <domainorigin>, <login>, <severity>, <hash>, <process>, <domainimpacted>, <account>, <command>, <parentprocesspath>
V 2.0: Cylance Optics: File Threat DetectedN/A<policy>, <serialnumber>, <dname>, <vmid>, <parentprocessname>, <domainorigin>, <login>, <severity>, <hash>, <object>, <domainimpacted>, <account>
V 2.0: Cylance Optics: Registry Threat DetectedN/A<policy>, <serialnumber>, <dname>, <vmid>, <hash>, <process>, <domainorigin>, <login>, <severity>, <object>, <objectname>
V 2.0: Cylance Optics: Memory Threat DetectedN/A<policy>, <serialnumber>, <dname>, <vmid>, <hash>, <process>, <domainorigin>, <login>, <severity>
V 2.0: Cylance Optics: Network Threat DetectedN/A<policy>, <serialnumber>, <sname>, <vmid>, <hash>, <process>, <domainorigin>, <login>, <severity>, <dip>, <dport>
V 2.0: Cylance Optics: WMI Threat DetectedN/A<policy>, <serialnumber>, <dname>, <vmid>, <hash>, <process>, <domainorigin>, <login>, <severity>, <action>, <size>, <command>
V 2.0: Cylance Optics: DNS Threat DetectedN/A<policy>, <serialnumber>, <dname>, <vmid>, <hash>, <process>, <domainorigin>, <login>, <severity>, <dip>, <quantity>, <domainimpacted>
V 2.0: Cylance Optics: Log Threat DetectedN/A<policy>, <serialnumber>, <dname>, <vmid>, <hash>, <process>, <domainorigin>, <login>, <severity>, <objecttype>, <object>
V 2.0: Cylance Optics: Powershell Threat DetectN/A<policy>, <serialnumber>, <dname>, <vmid>, <hash>, <process>, <domainorigin>, <login>, <severity>, <size>, <command>
V 2.0: Cylance Protect: AppControl EventsN/A<result>, <tag1>, <dname>, <action>, <vmid>, <object>, <dip>, <hash>
V 2.0: Cylance Protect: Device Control EventsN/A<dname>, <action>, <tag1>, <vmid>, <object>, <objectname>, <serialnumber>, <vendorinfo>
V 2.0: Cylance Protect: Device EventsN/A<vendorinfo>, <action>, <tag1>, <vmid>, <dip>, <domainorigin>, <login>, <dmac>
V 2.0: Cylance Protect: Memory Exploit EventsN/A<dname>, <action>, <tag1>, <vmid>, <dip>, <processid>, <process>, <login>, <threatname>
V 2.0: Cylance Protect: Script Control EventsN/A<dname>, <action>, <tag1>, <vmid>, <object>
V 2.0: Cylance Protect: Threat Classifi. EventsN/A<action>, <vmid>, <hash>, <threatname>
V 2.0: Cylance Protect: Threat EventsN/A<severity>, <dname>, <action>, <tag1>, <vmid>, <object>, <dip>, <hash>, <status>, <threatname>
Catch-All: Level 2N/A<vmid>, <login>
Catch-All: Level 1N/A<severity>, <tag1>

Revision History

KB Version

Log Type

Change Type

Details

KB 7.1.643.0N/ADevice DocumentationN/A

BlackBerry Cylance develops artificial intelligence to deliver prevention-first, predictive security products, and smart, simple, secure solutions that change how organizations approach endpoint security. BlackBerry Cylance provides full-spectrum predictive threat prevention and visibility across the enterprise to combat the most notorious and advanced cybersecurity attacks, fortifying endpoints to promote security hygiene in the security operations centre, throughout global networks, and even on employees’ home networks. With AI-based malware prevention, threat hunting, automated detection and response, and expert security services, BlackBerry Cylance protects the endpoint without increasing staff workload or costs.

Device Details

Device NameCylance Syslog
VendorBlackBerry
Device TypeEndpoint Security & Threat Prevention
Supported Model Name/NumberN/A
Supported Software VersionAll
Collection MethodSyslog
Configurable Log OutputN/A
Log Source TypeSyslog - Cylance Optics Detection\Protect Events
Log Processing PolicyLogRhythm Default v2.0
ExceptionsN/A
Additional Informationhttps://docs.blackberry.com/content/dam/docs-blackberry-com/release-pdfs/en/cylance-products/syslog-guides/Cylance%20Syslog%20Guide%20v2.0%20rev12.pdf

Supported Log Messages

(List of LR Tags used to parse the log information for each message type)

Type

Product Version

Supported Schema Fields

V 2.0: Cylance Optics: Process Threat Detected

N/A<policy>, <serialnumber>, <dname>, <vmid>, <parentprocessname>, <domainorigin>, <login>, <severity>, <hash>, <process>, <domainimpacted>, <account>
V 2.0: Cylance Optics: File Threat DetectedN/A<policy>, <serialnumber>, <dname>, <vmid>, <parentprocessname>, <domainorigin>, <login>, <severity>, <hash>, <object>, <domainimpacted>, <account>
V 2.0: Cylance Optics: Registry Threat DetectedN/A<policy>, <serialnumber>, <dname>, <vmid>, <hash>, <process>, <domainorigin>, <login>, <severity>, <object>, <objectname>
V 2.0: Cylance Optics: Memory Threat DetectedN/A<policy>, <serialnumber>, <dname>, <vmid>, <hash>, <process>, <domainorigin>, <login>, <severity>
V 2.0: Cylance Optics: Network Threat DetectedN/A<policy>, <serialnumber>, <sname>, <vmid>, <hash>, <process>, <domainorigin>, <login>, <severity>, <dip>, <dport>
V 2.0: Cylance Optics: WMI Threat DetectedN/A<policy>, <serialnumber>, <dname>, <vmid>, <hash>, <process>, <domainorigin>, <login>, <severity>, <action>, <size>, <command>
V 2.0: Cylance Optics: DNS Threat DetectedN/A<policy>, <serialnumber>, <dname>, <vmid>, <hash>, <process>, <domainorigin>, <login>, <severity>, <dip>, <quantity>, <domainimpacted>
V 2.0: Cylance Optics: Log Threat DetectedN/A<policy>, <serialnumber>, <dname>, <vmid>, <hash>, <process>, <domainorigin>, <login>, <severity>, <objecttype>, <object>
V 2.0: Cylance Optics: Powershell Threat DetectN/A<policy>, <serialnumber>, <dname>, <vmid>, <hash>, <process>, <domainorigin>, <login>, <severity>, <size>, <command>
V 2.0: Cylance Protect: AppControl EventsN/A<result>, <tag1>, <dname>, <action>, <vmid>, <object>, <dip>, <hash>
V 2.0: Cylance Protect: Audit EventN/A<vmid>, <action>, <tag1>, <vendorinfo>, <hash>, <object>, <reason>, <subject>, <objecttype>, <domainorigin>, <login>, <dname>
V 2.0: Cylance Protect: Device Control EventsN/A<dname>, <action>, <tag1>, <vmid>, <object>, <objectname>, <serialnumber>, <vendorinfo>
V 2.0: Cylance Protect: Device EventsN/A<vendorinfo>, <action>, <tag1>, <vmid>, <dip>, <domainorigin>, <login>, <dmac>
V 2.0: Cylance Protect: Memory Exploit EventsN/A<dname>, <action>, <tag1>, <vmid>, <dip>, <processid>, <process>, <login>, <threatname>
V 2.0: Cylance Protect: Script Control EventsN/A<dname>, <action>, <tag1>, <vmid>, <object>
V 2.0: Cylance Protect: Threat Classifi. EventsN/A<action>, <vmid>, <hash>, <threatname>
V 2.0: Cylance Protect: Threat EventsN/A<severity>, <dname>, <action>, <tag1>, <vmid>, <object>, <dip>, <hash>, <status>, <threatname>
Catch-All: Level 2N/A<vmid>, <login>
Catch-All: Level 1N/A<severity>, <tag1>

Revision History

KB Version

Log Type

Change Type

Details

KB 7.1.643.0N/ADevice DocumentationN/A
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.