
V 2.0 : Cylance Protect : Threat Events

Vendor Documentation

Classification

Rule Name | Rule Type | Common Event | Classification
V 2.0 : Cylance Protect : Threat Events | Base Rule | General Threat Message | Activity
V 2.0 : Cylance Protect : Threat Found | Sub Rule | Detected Malware Activity | Malware
V 2.0 : Cylance Protect : Threat Cleared | Sub Rule | Failed Malware Activity | Failed Malware
V 2.0 : Cylance Protect : Threat Quarantined | Sub Rule | Failed Malware Activity | Failed Malware
V 2.0 : Cylance Protect : Threat Waived | Sub Rule | General Security | Other Security
V 2.0 : Cylance Protect : Threat Changed | Sub Rule | General Security | Other Security
V 2.0 : Cylance Protect : Corrupt File | Sub Rule | General Antivirus Error | Error

Mapping with LogRhythm Schema

Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description
N/A | N/A | N/A | Device Product
Auto Run | N/A | N/A | Possible Values: False, True, and Unknown.
Cylance Score | <severity> | Number | Ranges from 1 to 100.
Detected By | N/A | N/A | Possible Values: ExecutionControl, BackgroundThreatDetection, FileWatcher, NotAvailable, and RunningModuleScan.
Device Name | <dname> | Text/String | The name of the device on which the threat was found.
Drive Type | N/A | N/A | The type of drive or storage device the threat originated from, if known. Possible Values: CDROM, Fixed, Network, None, No Root Directory, RAM, and Removable.
Event Name | <action>, <tag1> | Text/String | Possible Values: threat_found, threat_cleared, threat_quarantined, threat_waived, threat_changed, and corrupt_found.
Event Type | <vmid> | Text/String | Threat
File Name | <object> | Text/String | The name of the threat (file).
File Type | N/A | N/A | Possible Values: Archive, Executable, Linuxexe, MacOSExe, Ole, Pdf, and Unknown.
Found Date | N/A | N/A | The date and time the threat was found on the device.
IP Address | <dip> | IP Address | The IP address or IP addresses for the device.
Is Malware | N/A | N/A | Possible Values: False, True.
Is Running | N/A | N/A | Possible Values: False, True.
Is Unique to Cylance | N/A | N/A | Possible Values: False, True.
MD5 | N/A | N/A | The MD5 hash for the file. Note that only SHA256 is mapped to <hash>; MD5 is not carried into the LogRhythm schema.
Path | N/A | N/A | The path to the file.
SHA256 | <hash> | Text/String | The SHA256 hash for the file.
Status | <status> | Text/String | Possible Values: Abnormal, Cleared, Corrupt, Quarantined, Unsafe, and Waived.
Threat Classification | <threatname> | Text/String | Possible Values: File Unavailable, Malware, Possible PUP, PUP, Trusted, and Unclassified.
Zone Names | <subject> | Text/String | The names of the zones where the threat was found.
Policy Name | <policy> | Text/String | The name of the device policy.
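The two tables above give the field-to-schema mapping and the Event Name-to-sub-rule selection, but no worked example of applying them to a log line. The Python script below is an added illustration and is not LogRhythm's or Cylance's own code. It assumes the threat event arrives as comma-separated "Key: Value" pairs after an optional syslog header (the layout is an assumption here, and both sample lines are constructed, not captured), tokenises the line using the device keys from the mapping table, maps each key to the LogRhythm schema field named for it, and selects the sub rule, common event and classification for the Event Name. Splitting only at a comma that precedes a known device key keeps commas inside File Name, Path, or the parenthesised IP Address and Zone Names lists from cutting a value in two; the fallback to the base rule for an Event Name no sub rule names is an assumption about how the base rule catches everything the sub rules do not.

```python
import re

# Device keys listed in the mapping table for Cylance Protect threat events.
DEVICE_KEYS = [
    "Event Type", "Event Name", "Device Name", "IP Address", "File Name", "Path",
    "Drive Type", "SHA256", "MD5", "Status", "Cylance Score", "Found Date",
    "File Type", "Is Running", "Auto Run", "Detected By", "Zone Names",
    "Is Malware", "Is Unique to Cylance", "Threat Classification", "Policy Name",
]

# Device key -> LogRhythm schema field(s), as in the mapping table.
# Keys the table marks N/A (for example MD5 and Path) are deliberately absent.
SCHEMA_MAP = {
    "Cylance Score": ("severity",),
    "Device Name": ("dname",),
    "Event Name": ("action", "tag1"),
    "Event Type": ("vmid",),
    "File Name": ("object",),
    "IP Address": ("dip",),
    "SHA256": ("hash",),
    "Status": ("status",),
    "Threat Classification": ("threatname",),
    "Zone Names": ("subject",),
    "Policy Name": ("policy",),
}

# Event Name -> (sub rule, common event, classification) from the rule table.
SUB_RULES = {
    "threat_found": ("Threat Found", "Detected Malware Activity", "Malware"),
    "threat_cleared": ("Threat Cleared", "Failed Malware Activity", "Failed Malware"),
    "threat_quarantined": ("Threat Quarantined", "Failed Malware Activity", "Failed Malware"),
    "threat_waived": ("Threat Waived", "General Security", "Other Security"),
    "threat_changed": ("Threat Changed", "General Security", "Other Security"),
    "corrupt_found": ("Corrupt File", "General Antivirus Error", "Error"),
}
# Assumption: an Event Name no sub rule names falls through to the base rule.
BASE_RULE = ("Threat Events", "General Threat Message", "Activity")

_KEY_ALT = "|".join(re.escape(k) for k in sorted(DEVICE_KEYS, key=len, reverse=True))
# Locate the first "Key: " so any syslog header before the body is skipped.
_START = re.compile(r"(?:%s): " % _KEY_ALT)
# Split only on ", " that is immediately followed by a known device key, so a comma
# inside File Name, Path, or a "(a, b)" list does not break a value in two.
_SPLIT = re.compile(r", (?=(?:%s): )" % _KEY_ALT)
_PAIR = re.compile(r"^(%s): (.*)$" % _KEY_ALT)


def parse_threat_event(line: str) -> dict:
    """Return a dict of device key -> value for one threat event line."""
    start = _START.search(line)
    if not start:
        raise ValueError("no Cylance device key found in line")
    fields = {}
    for chunk in _SPLIT.split(line[start.start():].strip()):
        m = _PAIR.match(chunk)
        if not m:
            raise ValueError("unrecognised field: %r" % chunk)
        key, value = m.group(1), m.group(2).strip()
        # IP Address and Zone Names arrive as "(a, b)"; keep them as lists.
        if value.startswith("(") and value.endswith(")"):
            value = [v.strip() for v in value[1:-1].split(",") if v.strip()]
        fields[key] = value
    return fields


def to_logrhythm(fields: dict) -> dict:
    """Apply the schema mapping; Cylance Score becomes a number as the table states."""
    out = {}
    for key, schema_names in SCHEMA_MAP.items():
        if key in fields:
            value = int(fields[key]) if key == "Cylance Score" else fields[key]
            for name in schema_names:
                out[name] = value
    return out


def classify(fields: dict) -> tuple:
    """Select (sub rule, common event, classification) for the Event Name."""
    return SUB_RULES.get(fields.get("Event Name", ""), BASE_RULE)


# Constructed sample lines (not captured from a real Cylance deployment).
SAMPLE = (
    "Event Type: Threat, Event Name: threat_quarantined, Device Name: WKS-017, "
    "IP Address: (10.20.30.41, 192.168.56.1), File Name: invoice, copy.exe, "
    "Path: c:\\users\\alice\\downloads\\, Drive Type: Fixed, "
    "SHA256: " + "a" * 64 + ", MD5: " + "b" * 32 + ", Status: Quarantined, "
    "Cylance Score: 92, Found Date: 3/4/2024 10:15:00 AM, File Type: Executable, "
    "Is Running: False, Auto Run: False, Detected By: FileWatcher, "
    "Zone Names: (Finance, Laptops), Is Malware: True, Is Unique to Cylance: False, "
    "Threat Classification: Malware, Policy Name: Default"
)
SAMPLE_WITH_HEADER = (
    "<14>Mar  4 10:16:40 cylance-svc CylancePROTECT: Event Type: Threat, "
    "Event Name: threat_waived, Device Name: WKS-017, File Name: tool.exe, "
    "Path: c:\\tools\\, Status: Waived, Cylance Score: 40, "
    "Threat Classification: PUP, Policy Name: Default"
)

if __name__ == "__main__":
    for line in (SAMPLE, SAMPLE_WITH_HEADER):
        parsed = parse_threat_event(line)
        print(to_logrhythm(parsed))
        print("rule:", classify(parsed))
```

Run it directly to see the mapped schema fields and the rule selection for both constructed lines; the first shows a File Name containing a comma and a two-address IP Address list surviving intact, the second shows the syslog header being skipped.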