V 2.0 : Cylance Protect : Threat Classifi. Events
Vendor Documentation
Classification
Rule Name | Rule Type | Common Event | Classification |
---|---|---|---|
V 2.0 : Cylance Protect : Threat Classifi. Events | Base Rule | General Threat Message | Activity |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
---|---|---|---|
N/A | N/A | N/A | Device Product |
Event Name | <action> | Text/String | Possible Values: ResearchSaved and ThreatUpdated. |
Event Type | <vmid> | Text/String | ThreatClassification |
MD5 | N/A | N/A | The MD5 hash for the file. |
SHA256 | <hash> | Text/String | The SHA256 hash for the file. |
Threat Classification | <threatname> | Text/String | A combination of Threat Class and Threat Subclass. Threat Class Possible Values: Dual Use, File Unavailable, Malware, Possible PUP, PUP, and Trusted. Threat Subclass Possible Values: Adware, Backdoor, Bot, Corrupt, Crack, Downloader, Dropper, Exploit, Fake Alert, Fake AV, Game, Generic, Hacking Tool, Infostealer, Keygen, Monitoring Tool, Other, Parasitic, Pass Crack, Portable Application, Ransom, Remnant, Remote Access, Rootkit, Scripting Tool, Tool, Toolbar, Trojan, Virus, and Worm. |
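The mapping above, applied to a constructed event, as an added example (not LogRhythm's or Cylance's own parser code). It assumes the event arrives as a `Key: Value, Key: Value` syslog payload, that <threatname> is built as `Class: Subclass` (the page does not state the separator), and that values outside the documented sets should be rejected rather than mapped silently; MD5 is parsed but dropped because the page maps it to N/A.

```python
import re

# Constructed sample payloads in the assumed key/value layout (not vendor samples).
SAMPLE_EVENTS = [
    "CylancePROTECT: Event Type: ThreatClassification, Event Name: ThreatUpdated, "
    "Threat Class: Malware, Threat Subclass: Trojan, "
    "SHA256: " + "a" * 64 + ", MD5: " + "b" * 32,
    "CylancePROTECT: Event Type: ThreatClassification, Event Name: ResearchSaved, "
    "Threat Class: Trusted, Threat Subclass: Generic, "
    "SHA256: " + "c" * 64 + ", MD5: " + "d" * 32,
]

# Allowed values exactly as documented in the mapping table.
EVENT_NAMES = {"ResearchSaved", "ThreatUpdated"}
THREAT_CLASSES = {"Dual Use", "File Unavailable", "Malware", "Possible PUP", "PUP", "Trusted"}
THREAT_SUBCLASSES = {
    "Adware", "Backdoor", "Bot", "Corrupt", "Crack", "Downloader", "Dropper", "Exploit",
    "Fake Alert", "Fake AV", "Game", "Generic", "Hacking Tool", "Infostealer", "Keygen",
    "Monitoring Tool", "Other", "Parasitic", "Pass Crack", "Portable Application", "Ransom",
    "Remnant", "Remote Access", "Rootkit", "Scripting Tool", "Tool", "Toolbar", "Trojan",
    "Virus", "Worm",
}

# Device keys of interest; values run up to the next comma (assumed delimiter).
FIELD_RE = re.compile(r"(Event Type|Event Name|Threat Class|Threat Subclass|SHA256|MD5): ([^,]+)")


def map_to_logrhythm(raw: str) -> dict:
    """Parse one Threat Classification event and emit the LogRhythm schema fields."""
    fields = {k: v.strip() for k, v in FIELD_RE.findall(raw)}
    if fields.get("Event Type") != "ThreatClassification":
        raise ValueError("not a ThreatClassification event (Event Type mismatch)")
    if fields.get("Event Name") not in EVENT_NAMES:
        raise ValueError(f"undocumented Event Name: {fields.get('Event Name')!r}")
    if fields.get("Threat Class") not in THREAT_CLASSES:
        raise ValueError(f"undocumented Threat Class: {fields.get('Threat Class')!r}")
    if fields.get("Threat Subclass") not in THREAT_SUBCLASSES:
        raise ValueError(f"undocumented Threat Subclass: {fields.get('Threat Subclass')!r}")
    sha256 = fields.get("SHA256", "")
    if not re.fullmatch(r"[0-9a-fA-F]{64}", sha256):
        raise ValueError("SHA256 is not 64 hex characters")
    return {
        "action": fields["Event Name"],          # Event Name -> <action>
        "vmid": fields["Event Type"],            # Event Type -> <vmid>
        "hash": sha256.lower(),                  # SHA256 -> <hash>, normalised to lowercase
        # Threat Class + Threat Subclass -> <threatname>; separator is an assumption
        "threatname": f"{fields['Threat Class']}: {fields['Threat Subclass']}",
        # MD5 is intentionally not emitted: the page maps it to N/A
    }
```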