Skip to main content
Skip table of contents

V 2.0 : Cylance Protect : Threat Classifi. Events

Vendor Documentation


Rule Name

Rule Type

Common Event

V 2.0 : Cylance Protect : Threat Classifi. EventsBase RuleGeneral Threat MessageActivity

Mapping with LogRhythm Schema

Device Key in Log MessageLogRhythm SchemaData TypeSchema Description
N/AN/AN/ADevice Product
Event Name<action>Text/StringPossible Values: ResearchSaved and ThreatUpdated.
Event Type<vmid>Text/String
MD5N/AN/AThe MD5 hash for the file.
SHA256<hash>Text/StringThe SHA256 hash for the file.
Threat Classification<threatname>Text/String

A combination of Threat Class and Threat Subclass.

Threat Class Possible Values: Dual Use, File Unavailable, Malware, Possible PUP, PUP, and Trusted.

Threat Subclass Possible Values: Adware, Backdoor, Bot, Corrupt, Crack, Downloader, Dropper, Exploit, Fake Alert, Fake AV, Game, Generic, Hacking Tool, Infostealer, Keygen, Monitoring Tool, Other, Parasitic , Pass Crack , Portable Application, Ransom, Remnant, Remote Access, Rootkit, Scripting Tool, Tool, Toolbar, Trojan, Virus, and Worm.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.