V 2.0 : Cylance Protect : Device Control Events
Vendor Documentation
Classification
Rule Name | Rule Type | Common Event | Classification |
---|---|---|---|
V 2.0 : Cylance Protect : Device Control Events | Production | General Antivirus Information | Information |
V 2.0 : Cylance Protect : Device Blocked | Production | Storage Device Detected | Activity |
V 2.0 : Cylance Protect : Device Allowed | Production | Threat Blocked | Failed Activity |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
---|---|---|---|
N/A | N/A | N/A | Device Product |
Device Name | <dname> | Text/String | The name of the device associated with the Device Control event. |
Event Type | <vmid> | Text/String | DeviceControl |
Event Name | <action>, <tag1> | Text/String | Possible values: Block, Fullaccess. |
External Device Type | <object> | Text/String | Possible values: AndroidUSB, iOS, StillImage, USBCDDVDRW, USBDrive, VMWareMount, WPD. |
External Device Name | <objectname> | Text/String | The name given to the external device. |
External Device Product ID | N/A | N/A | Varies by manufacturer. |
External Device Serial Number | <serialnumber> | Number | Varies by manufacturer. |
External Device Vendor ID | N/A | N/A | Varies by manufacturer. |
Zone Names | N/A | N/A | The zones to which the device belongs. |
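
The mapping above, applied to one message, as an added example (not LogRhythm's or Cylance's own parser). It assumes the message body is a comma-separated list of `Key: value` pairs using the keys in the first column; the sample message and the name `parse_device_control` are constructed for illustration.

```python
import re

# Log-message key -> LogRhythm schema tags, copied from the mapping table.
# Keys the table marks N/A are parsed but not mapped to any tag.
SCHEMA = {
    "Device Name": ["dname"],
    "Event Type": ["vmid"],
    "Event Name": ["action", "tag1"],
    "External Device Type": ["object"],
    "External Device Name": ["objectname"],
    "External Device Product ID": [],
    "External Device Serial Number": ["serialnumber"],
    "External Device Vendor ID": [],
    "Zone Names": [],
}

# A key only counts at the start of the message or right after ", ", so commas
# inside values (device names, the zone list) do not split a field.
_KEYS = "|".join(re.escape(k) for k in sorted(SCHEMA, key=len, reverse=True))
_KEY_RE = re.compile(r"(?:^|, )(" + _KEYS + r"): ")


def parse_device_control(message):
    """Return (raw key/value pairs, schema-tag dict) for one message body."""
    hits = list(_KEY_RE.finditer(message))
    raw = {}
    for i, hit in enumerate(hits):
        end = hits[i + 1].start() if i + 1 < len(hits) else len(message)
        raw[hit.group(1)] = message[hit.end():end].strip()
    if raw.get("Event Type") != "DeviceControl":
        raise ValueError("not a Device Control event")
    tags = {tag: raw[key] for key, names in SCHEMA.items()
            if key in raw for tag in names}
    return raw, tags


# Constructed sample message (assumed layout, not from a real device).
SAMPLE = (
    "Event Type: DeviceControl, Event Name: Block, Device Name: LAB-WS-01, "
    "External Device Type: USBDrive, External Device Vendor ID: 0000, "
    "External Device Name: Example Flash Drive, 16GB, "
    "External Device Product ID: 0000, "
    "External Device Serial Number: 0123456789, Zone Names: (Lab, Test Zone)"
)

if __name__ == "__main__":
    for tag, value in parse_device_control(SAMPLE)[1].items():
        print(f"<{tag}> = {value}")
```

Fields the table lists as N/A (product ID, vendor ID, zone names) remain available in the raw dictionary but produce no schema tag.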