
Syslog - Cylance Optics Detection\Protect Events

BlackBerry Cylance develops artificial intelligence to deliver prevention-first, predictive security products, and smart, simple, secure solutions that change how organizations approach endpoint security. BlackBerry Cylance provides full-spectrum predictive threat prevention and visibility across the enterprise to combat the most notorious and advanced cybersecurity attacks, fortifying endpoints to promote security hygiene in the security operations centre, throughout global networks, and even on employees’ home networks. With AI-based malware prevention, threat hunting, automated detection and response, and expert security services, BlackBerry Cylance protects the endpoint without increasing staff workload or costs.

Device Details

| Field | Value |
|---|---|
| Device Name | Cylance Syslog |
| Vendor | BlackBerry |
| Device Type | Endpoint Security & Threat Prevention |
| Supported Model Name/Number | N/A |
| Supported Software Version | All |
| Collection Method | Syslog |
| Configurable Log Output | N/A |
| Log Source Type | Syslog - Cylance Optics Detection\Protect Events |
| Log Processing Policy | LogRhythm Default v2.0 |
| Exceptions | N/A |
| Additional Information | https://docs.blackberry.com/en/unified-endpoint-security/blackberry-ues/cylance-syslog-guide/CylancePROTECT_Event_Types |

Supported Log Messages

(List of LR Tags used to parse the log information for each message type)

| Type | Product Version | Supported Schema Fields |
|---|---|---|
| V 2.0: Cylance Optics: Process Threat Detected | N/A | <policy>, <serialnumber>, <dname>, <vmid>, <parentprocessname>, <domainorigin>, <login>, <severity>, <hash>, <process>, <domainimpacted>, <account>, <command>, <parentprocesspath> |
| V 2.0: Cylance Optics: File Threat Detected | N/A | <policy>, <serialnumber>, <dname>, <vmid>, <parentprocessname>, <domainorigin>, <login>, <severity>, <hash>, <object>, <domainimpacted>, <account> |
| V 2.0: Cylance Optics: Registry Threat Detected | N/A | <policy>, <serialnumber>, <dname>, <vmid>, <hash>, <process>, <domainorigin>, <login>, <severity>, <object>, <objectname> |
| V 2.0: Cylance Optics: Memory Threat Detected | N/A | <policy>, <serialnumber>, <dname>, <vmid>, <hash>, <process>, <domainorigin>, <login>, <severity> |
| V 2.0: Cylance Optics: Network Threat Detected | N/A | <policy>, <serialnumber>, <sname>, <vmid>, <hash>, <process>, <domainorigin>, <login>, <severity>, <dip>, <dport> |
| V 2.0: Cylance Optics: WMI Threat Detected | N/A | <policy>, <serialnumber>, <dname>, <vmid>, <hash>, <process>, <domainorigin>, <login>, <severity>, <action>, <size>, <command> |
| V 2.0: Cylance Optics: DNS Threat Detected | N/A | <policy>, <serialnumber>, <dname>, <vmid>, <hash>, <process>, <domainorigin>, <login>, <severity>, <dip>, <quantity>, <domainimpacted> |
| V 2.0: Cylance Optics: Log Threat Detected | N/A | <policy>, <serialnumber>, <dname>, <vmid>, <hash>, <process>, <domainorigin>, <login>, <severity>, <objecttype>, <object> |
| V 2.0: Cylance Optics: Powershell Threat Detect | N/A | <policy>, <serialnumber>, <dname>, <vmid>, <hash>, <process>, <domainorigin>, <login>, <severity>, <size>, <command> |
| V 2.0: Cylance Protect: AppControl Events | N/A | <result>, <tag1>, <dname>, <action>, <vmid>, <object>, <dip>, <hash> |
| V 2.0: Cylance Protect: Device Control Events | N/A | <dname>, <action>, <tag1>, <vmid>, <object>, <objectname>, <serialnumber>, <vendorinfo> |
| V 2.0: Cylance Protect: Device Events | N/A | <vendorinfo>, <action>, <tag1>, <vmid>, <dip>, <domainorigin>, <login>, <dmac> |
| V 2.0: Cylance Protect: Memory Exploit Events | N/A | <dname>, <action>, <tag1>, <vmid>, <dip>, <processid>, <process>, <login>, <threatname> |
| V 2.0: Cylance Protect: Script Control Events | N/A | <dname>, <action>, <tag1>, <vmid>, <object> |
| V 2.0: Cylance Protect: Threat Classifi. Events | N/A | <action>, <vmid>, <hash>, <threatname> |
| V 2.0: Cylance Protect: Threat Events | N/A | <severity>, <dname>, <action>, <tag1>, <vmid>, <object>, <dip>, <hash>, <status>, <threatname>, <policy>, <subject> |
| Catch-All: Level 2 | N/A | <vmid>, <login> |
| Catch-All: Level 1 | N/A | <severity>, <tag1> |

Revision History

| KB Version | Log Type | Change Type | Details |
|---|---|---|---|
| KB 7.1.643.0 | Syslog - Cylance Optics Detection\Protect Events | Device Documentation | N/A |
