Skip to main content
Skip table of contents

V 2.0 : Cylance Optics : Log Threat Detected

Vendor Documentation

Classification

Rule Name

Rule Type

Common Event

Classification
V 2.0 : Cylance Optics : Log Threat DetectedBase RuleGeneral Threat MessageActivity

Mapping with LogRhythm Schema

Device Key in Log MessageLogRhythm SchemaData TypeSchema Description
Description<policy>Text/StringThe name of the Detection Rule that was triggered.
Device ID<serialnumber>Text/String
The unique ID for the device.
Device Name<dname>Text/String
The name of the device on which the Detection Event occurred.
Event IDN/AN/AThe unique ID for the Detection Event.
Event NameN/AN/AThe Detection Event involved a Target File.
Event Type<vmid>Text/String
The Detection Event involved a Target File.
Instigating Process Image File Sha256<hash>Text/String
The SHA256 hash of the process that instigated the action.
Instigating Process Name<process>Text/String
The name of the process that instigated the action.
Instigating Process Owner<domainorigin>, <login>Text/String
The user who owns the process that instigated the action.
Severity<severity>Text/String
The severity of the event.
High: A malicious event that requires immediate attention.
Medium: A suspicious event that should be reviewed.
Low: An important event, but may not be malicious.
Info: An observed event.
Security Provider<objecttype>Text/String
The name of the service which generated the Windows Event Log message.
Windows Event ID<object>NumberThe numerical Windows Event ID associated with the Windows Event.
Zone NamesN/AN/AThe zones to which the device belongs.
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.