Log Fields and Parsing

This section lists the log fields available in this log message type and, for each, the LogRhythm metadata field (shown as a tag such as <dname>) it is parsed into under the LogRhythm Default and LogRhythm Default v2.0 policies. A value of "N/A" (not applicable) means the policy parses no value into that log field.

Log Field | LogRhythm Default | LogRhythm Default v2.0 | Description
(field name missing in source) | <vendorinfo> | <policy> |
Device ID | N/A | <serialnumber> |
Device Name | <dname> | <dname> |
Event ID | N/A | N/A |
Event Name | <vmid> | N/A |
Event Type | <objecttype> | <vmid> |
Instigating Process Image File Sha256 | <hash> | <hash> |
Instigating Process Name | <parentprocessname> | <process> |
Instigating Process Owner | <domainorigin>, <login> | <domainorigin>, <login> |
Severity | <severity> | <severity> |
Zone Names | N/A | N/A |
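The practical consequence of the table is that several log fields land in different metadata fields under the two policies (Event Type moves from <objecttype> to <vmid>, Instigating Process Name from <parentprocessname> to <process>, Event Name is no longer parsed at all), so any AI Engine rule, alarm, or report that reads those tags will silently stop matching after a policy migration. The following added example (not LogRhythm's MPE engine or any Cylance code) transcribes the table into a mapping, applies both policies to a constructed sample line, and lists the tags a downstream rule depends on that change meaning. The key=value line layout and the source key names (device_id, event_type, process_owner, and so on) are assumptions made for this example, not Cylance's documented log format.

```python
import re

# Constructed sample of a CylanceOPTICS memory-event line. The key=value
# layout and key names are an ASSUMPTION for this example, not Cylance's
# documented format; the SHA-256 is a placeholder, not a real hash.
SAMPLE_LOG = (
    'CylanceOPTICS: device_id="SN-0042" device_name="WS-FIN-07" '
    'event_name="Memory Exploitation Attempt" event_type="Memory" '
    'process_owner="CORP\\alice" process_name="C:\\Windows\\explorer.exe" '
    'process_sha256="' + "ab" * 32 + '" severity="High" zone="Corporate"'
)

# Log field -> (LogRhythm Default tag, LogRhythm Default v2.0 tag), transcribed
# from the parsing table above. None stands for "N/A".
FIELD_MAP = {
    "Device ID": (None, "serialnumber"),
    "Device Name": ("dname", "dname"),
    "Event ID": (None, None),
    "Event Name": ("vmid", None),
    "Event Type": ("objecttype", "vmid"),
    "Instigating Process Image File Sha256": ("hash", "hash"),
    "Instigating Process Name": ("parentprocessname", "process"),
    "Instigating Process Owner": ("domainorigin,login", "domainorigin,login"),
    "Severity": ("severity", "severity"),
    "Zone Names": (None, None),
}

# Which key in the constructed sample carries each log field (assumption).
SOURCE_KEYS = {
    "Device ID": "device_id",
    "Device Name": "device_name",
    "Event ID": "event_id",
    "Event Name": "event_name",
    "Event Type": "event_type",
    "Instigating Process Image File Sha256": "process_sha256",
    "Instigating Process Name": "process_name",
    "Instigating Process Owner": "process_owner",
    "Severity": "severity",
    "Zone Names": "zone",
}

# key="value" pairs; backslash-escaped characters inside the quotes are kept
# verbatim so Windows paths and DOMAIN\user survive unchanged.
KV_RE = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')


def parse_kv(line):
    """Extract key="value" pairs from one log line into a dict."""
    return {k: v for k, v in KV_RE.findall(line)}


def apply_policy(fields, policy_index):
    """Populate LogRhythm metadata for policy 0 (Default) or 1 (v2.0).

    Fields marked N/A under the policy, or absent from the line, are skipped.
    """
    meta = {}
    for log_field, tags in FIELD_MAP.items():
        tag = tags[policy_index]
        value = fields.get(SOURCE_KEYS[log_field])
        if tag is None or value is None:
            continue
        if tag == "domainorigin,login":
            # Owner is split across two tags: DOMAIN\user -> domainorigin, login
            domain, _, user = value.rpartition("\\")
            if domain:
                meta["domainorigin"] = domain
            meta["login"] = user
        else:
            meta[tag] = value
    return meta


def tag_sources(policy_index):
    """Invert FIELD_MAP: metadata tag -> list of log fields it carries."""
    inv = {}
    for log_field, tags in FIELD_MAP.items():
        tag = tags[policy_index]
        if tag is None:
            continue
        for t in tag.split(","):
            inv.setdefault(t, []).append(log_field)
    return inv


def broken_references(rule_tags):
    """For each metadata tag a downstream rule reads, report what it carried
    under LogRhythm Default and what it carries under v2.0 (None = nothing).
    Tags whose meaning is unchanged are omitted."""
    before, after = tag_sources(0), tag_sources(1)
    return {t: (before.get(t), after.get(t))
            for t in sorted(rule_tags) if before.get(t) != after.get(t)}


if __name__ == "__main__":
    fields = parse_kv(SAMPLE_LOG)
    print("Default :", apply_policy(fields, 0))
    print("v2.0    :", apply_policy(fields, 1))
    print("Broken  :", broken_references({"objecttype", "parentprocessname", "hash", "vmid"}))
```

Running the module prints both metadata sets and the tags a rule keyed on <objecttype>, <parentprocessname> or <vmid> would need re-pointing; <hash> is unchanged between policies and is not reported. The same check applies to any other log message type: replace FIELD_MAP with that type's table and audit the rules before switching policies.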

Log Processing Settings

This section details log processing changes made from the LogRhythm Default policy to LogRhythm Default v2.0. In some cases, base rules are broken down into sub-rules to appropriately parse log message types by their event types.

LogRhythm Default

Regex ID | Rule Name | Rule Type | Common Events | Classifications
1010205 | CylanceOPTICS : Memory Events | Base Rule | Suspicious Activity | Suspicious

LogRhythm Default v2.0

Regex ID | Rule Name | Rule Type | Common Events | Classifications
1011388 | V 2.0 : Cylance Optics : Memory Threat Detected | Base Rule | General Threat Message | Activity