V 2.0 : Cylance Protect : Script Control Events
Vendor Documentation
Classification
| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| V 2.0 : Cylance Protect : Script Control Events | Base Rule | General Threat Message | Activity |
| V 2.0 : Cylance Protect : Script Allowed | Sub Rule | Application Control Detection | Activity |
| V 2.0 : Cylance Protect : Script Blocked | Sub Rule | Application Blocked | Failed Activity |
| V 2.0 : Cylance Protect : Script Alert | Sub Rule | Application Control Detection | Activity |
| V 2.0 : Cylance Protect : Script Unknown | Sub Rule | General Security | Other Security |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| N/A | N/A | Text/String | Device Product |
| Device Name | <dname> | Text/String | The name of the device. |
| Event Type | <vmid> | Text/String | ScriptControl |
| Event Name | <action>, <tag1> | Text/String | Possible Values: Alert, Blocked, None, and Unknown. |
| File Path | <object> | Text/String | The path to the file. |
| Interpreter | N/A | N/A | ActiveScript, MacroScript, Powershell |
| Interpreter Version | N/A | N/A | The version number of the interpreter. |
| Zone Names | N/A | N/A | The names of the zones to which the device belongs. |
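The following is an added example, not vendor or LogRhythm code, showing how the two tables above combine: device keys are lifted from a constructed message body and mapped onto the schema fields, and the Event Name value selects the sub rule and its classification. It assumes a comma-separated "Key: Value" message layout and that the Event Name value "None" selects the Script Allowed sub rule; neither is stated on this page.

```python
import re
from typing import Dict, Tuple

# Constructed sample message body. Assumption: real Cylance Protect syslog
# output may use a different layout; only the key names come from the page.
SAMPLE = (
    "Event Type: ScriptControl, Event Name: Blocked, Device Name: WKS-0042, "
    "File Path: C:\\Users\\alice\\Downloads\\invoice.ps1, Interpreter: Powershell, "
    "Interpreter Version: 5.1, Zone Names: Finance"
)

# Event Name -> (sub rule, common event, classification) from the page's table.
# Assumption: "None" selects Script Allowed; the page lists "None" as a value
# but does not say which value drives the Allowed sub rule.
SUB_RULES: Dict[str, Tuple[str, str, str]] = {
    "None": ("V 2.0 : Cylance Protect : Script Allowed", "Application Control Detection", "Activity"),
    "Blocked": ("V 2.0 : Cylance Protect : Script Blocked", "Application Blocked", "Failed Activity"),
    "Alert": ("V 2.0 : Cylance Protect : Script Alert", "Application Control Detection", "Activity"),
    "Unknown": ("V 2.0 : Cylance Protect : Script Unknown", "General Security", "Other Security"),
}
# Any Event Name the table does not list falls back to the Unknown sub rule.
UNKNOWN_RULE = SUB_RULES["Unknown"]


def parse_fields(message: str) -> Dict[str, str]:
    """Split a 'Key: Value, Key: Value' body into device keys.

    The value is matched lazily up to the next ', Key: ' boundary, so a
    Windows path such as 'C:\\...' inside File Path is kept intact.
    """
    pattern = r"([A-Za-z][A-Za-z ]*?): (.*?)(?=, [A-Za-z][A-Za-z ]*?: |$)"
    return {k.strip(): v.strip() for k, v in re.findall(pattern, message)}


def map_to_schema(fields: Dict[str, str]) -> Dict[str, str]:
    """Map device keys onto the LogRhythm schema fields from the mapping table."""
    name = fields.get("Event Name", "")
    return {
        "dname": fields.get("Device Name", ""),   # Device Name -> <dname>
        "vmid": fields.get("Event Type", ""),     # Event Type -> <vmid>
        "action": name,                           # Event Name -> <action>
        "tag1": name,                             # Event Name -> <tag1>
        "object": fields.get("File Path", ""),    # File Path -> <object>
    }


def classify(fields: Dict[str, str]) -> Tuple[str, str, str]:
    """Select the sub rule; only ScriptControl events match the base rule."""
    if fields.get("Event Type") != "ScriptControl":
        raise ValueError("not a Script Control event")
    return SUB_RULES.get(fields.get("Event Name", ""), UNKNOWN_RULE)
```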