Syslog - Cylance Optics Detection\Protect Events
BlackBerry Cylance develops artificial intelligence to deliver prevention-first, predictive security products, and smart, simple, secure solutions that change how organizations approach endpoint security. BlackBerry Cylance provides full-spectrum predictive threat prevention and visibility across the enterprise to combat the most notorious and advanced cybersecurity attacks, fortifying endpoints to promote security hygiene in the security operations center, throughout global networks, and even on employees’ home networks. With AI-based malware prevention, threat hunting, automated detection and response, and expert security services, BlackBerry Cylance protects the endpoint without increasing staff workload or costs.
Device Details
| Device Name | Cylance Syslog |
|---|---|
| Vendor | BlackBerry |
| Device Type | Endpoint Security & Threat Prevention |
| Supported Model Name/Number | N/A |
| Supported Software Version | All |
| Collection Method | Syslog |
| Configurable Log Output | N/A |
| Log Source Type | Syslog - Cylance Optics Detection\Protect Events |
| Log Processing Policy | LogRhythm Default v2.0 |
| Exceptions | N/A |
| Additional Information | https://docs.blackberry.com/content/dam/docs-blackberry-com/release-pdfs/en/cylance-products/syslog-guides/Cylance%20Syslog%20Guide%20v2.0%20rev12.pdf |
Supported Log Messages
(List of LR Tags used to parse the log information for each message type)
Type | Product Version | Supported Schema Fields |
|---|---|---|
V 2.0 : Cylance Optics : Process Threat Detected | N/A | <policy>, <serialnumber>, <dname>, <vmid>, <parentprocessname>, <domainorigin>, <login>, <severity>, <hash>, <process>, <domainimpacted>, <account> |
| V 2.0 : Cylance Optics : File Threat Detected | N/A | <policy>, <serialnumber>, <dname>, <vmid>, <parentprocessname>, <domainorigin>, <login>, <severity>, <hash>, <object>, <domainimpacted>, <account> |
| V 2.0 : Cylance Optics : Registry Threat Detected | N/A | <policy>, <serialnumber>, <dname>, <vmid>, <hash>, <process>, <domainorigin>, <login>, <severity>,<object>, <objectname> |
| V 2.0 : Cylance Optics : Memory Threat Detected | N/A | <policy>, <serialnumber>, <dname>, <vmid>, <hash>, <process>, <domainorigin>, <login>, <severity> |
| V 2.0 : Cylance Optics : Network Threat Detected | N/A | <policy>, <serialnumber>, <sname>, <vmid>, <hash>, <process>, <domainorigin>, <login>, <severity>, <dip>, <dport> |
| V 2.0 : Cylance Optics : WMI Threat Detected | N/A | <policy>, <serialnumber>, <dname>, <vmid>, <hash>, <process>, <domainorigin>, <login>, <severity>, <action>, <size>, <command> |
| V 2.0 : Cylance Optics : DNS Threat Detected | N/A | <policy>, <serialnumber>, <dname>, <vmid>, <hash>, <process>, <domainorigin>, <login>, <severity>, <dip>, <quantity>, <domainimpacted> |
| V 2.0 : Cylance Optics : Log Threat Detected | N/A | <policy>, <serialnumber>, <dname>, <vmid>, <hash>, <process>, <domainorigin>, <login>, <severity>, <objecttype>, <object> |
| V 2.0 : Cylance Optics : Powershell Threat Detect | N/A | <policy>, <serialnumber>, <dname>, <vmid>, <hash>, <process>, <domainorigin>, <login>, <severity>, <size>, <command> |
| V 2.0 : Cylance Protect : AppControl Events | N/A | <result>, <tag1>, <dname>, <action>, <vmid>, <object>, <dip>, <hash> |
| V 2.0 : Cylance Protect : Audit Event | N/A | <action>, <tag1>, <vmid>,<login>, <vendorinfo> |
| V 2.0 : Cylance Protect : Device Control Events | N/A | <dname>, <action>, <tag1>, <vmid>, <object>, <objectname>, <serialnumber>, <vendorinfo> |
| V 2.0 : Cylance Protect : Device Events | N/A | <vendorinfo>, <action>, <tag1>, <vmid>, <dip>, <domainorigin>, <login>, <dmac> |
| V 2.0 : Cylance Protect : Memory Exploit Events | N/A | <dname>, <action>, <tag1>, <vmid>, <dip>, <processid>, <process>, <login>, <threatname> |
| V 2.0 : Cylance Protect : Script Control Events | N/A | <dname>, <action>, <tag1>, <vmid>, <object> |
| V 2.0 : Cylance Protect : Threat Classifi. Events | N/A | <action>, <vmid>, <hash>, <threatname> |
| V 2.0 : Cylance Protect : Threat Events | N/A | <severity>, <dname>, <action>, <tag1>, <vmid>, <object>, <dip>, <hash>, <status>, <threatname> |
| Catch All : Level 2 | N/A | <vmid>, <login> |
| Catch All : Level 1 | N/A | <severity>, <tag1> |
Revision History
KB Version | Log Type | Change Type | Details |
|---|---|---|---|
| KB 7.1.643.0 | N/A | Device Documentation | N/A |