Skip to main content
Skip table of contents

V 2.0 : Cylance Optics : Process Threat Detected

Vendor Documentation

Classification

Rule Name

Rule Type

Common Event

Classification
V 2.0 : Cylance Optics : Process Threat DetectedBase RuleGeneral Threat MessageActivity

Mapping with LogRhythm Schema

Device Key in Log MessageLogRhythm SchemaData TypeSchema Description
Description<policy>Text/StringThe name of the Detection Rule that was triggered.
Device ID<serialnumber>Text/StringThe unique ID for the device.
Device Name<dname>Text/StringThe name of the device on which the Detection Event occurred.
Event IDN/AN/AThe unique ID for the Detection Event.
Event NameN/AN/AThe Detection Event involved a Target Process.
Event Type<vmid> Text/StringThe Detection Event involved a Target Process.
Instigating Process Image File Sha256N/AN/AThe SHA256 hash of the process that instigated the action.
Instigating Process Name<parentprocessname>Text/StringThe name of the process that instigated the action.
Instigating Process Owner<domainorigin>
<login>
Text/StringThe user who owns the process that instigated the action.
Severity<severity>Text/StringThe severity of the event.
High: A malicious event that requires immediate attention.
Medium: A suspicious event that should be reviewed.
Low: An important event, but may not be malicious.
Info: An observed event.
Target Process Image File Sha256<hash>Text/StringThe SHA256 hash of the process that was started or terminated.
Target Process Name<process>Text/StringThe name of the process that was started or
terminated.
Target Process Owner<domainimpacted>,<account>Text/StringThe user who owns the process that was started or terminated.
Zone NamesN/AN/AThe zones to which the device belongs.
Target Process Command Line<command>Text/StringThis is the command line that was used to start the process of interest for the process event.
Target Process File Path<parentprocesspath>Text/StringThis is the path of the target process executable.
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.