Log Fields and Parsing
This section details the log fields available in this log message type, along with values parsed for both LogRhythm Default and LogRhythm Default v2.0 policies. A value of "N/A" (not applicable) means that there is no value parsed for a specified log field.
| Log Field | LogRhythm Default | LogRhythm Default v2.0 |
|---|---|---|
| N/A | <severity> | N/A |
| Auto Run | N/A | N/A |
| Cylance Score | <amount> | <severity> |
| Detected By | <process> | N/A |
| Device Name | <dname> | <dname> |
| Drive Type | N/A | N/A |
| Event Name | <vmid> | <action>, <tag1> |
| Event Type | N/A | <vmid> |
| File Name | <object> | <object> |
| File Type | <subject> | N/A |
| Found Date | N/A | N/A |
| IP Address | <dip> | <dip> |
| Is Malware | N/A | N/A |
| Is Running | N/A | N/A |
| Is Unique to Cylance | N/A | N/A |
| MD5 | N/A | N/A |
| Path | <url> | N/A |
| SHA256 | <hash>, <objectname> | <hash> |
| Status | <command>, <tag1> | <status> |
| Threat Classification | N/A | <threatname> |
| Zone Names | N/A | N/A |
Log Processing Settings
This section details log processing changes made from the LogRhythm Default policy to LogRhythm Default v2.0. In some cases, base rules are broken down into sub-rules to appropriately parse log message types by their event types.
LogRhythm Default
| Regex ID | Rule Name | Rule Type | Common Events | Classifications |
|---|---|---|---|---|
| 1007398 | Scan Messages | Base Rule | Possible Malware Activity | Malware |
| | Quarantined File | Sub Rule | Quarantine | Activity |
| | Unsafe File | Sub Rule | Possible Malware Activity | Malware |
| | Abnormal File | Sub Rule | Possible Malware Activity | Malware |
| | Cleared File | Sub Rule | Failed Malware Activity | Failed Malware |
| | Corrupt File | Sub Rule | Data Corrupt | Warning |
| | Waived File | Sub Rule | Failed Malware Activity | Failed Malware |
LogRhythm Default v2.0
| Regex ID | Rule Name | Rule Type | Common Events | Classifications |
|---|---|---|---|---|
| 1011407 | V 2.0 : Cylance Protect : Threat Events | Base Rule | General Threat Message | Activity |
| | V 2.0 : Cylance Protect : Threat Found | Sub Rule | Detected Malware Activity | Malware |
| | V 2.0 : Cylance Protect : Threat Cleared | Sub Rule | Failed Malware Activity | Failed Malware |
| | V 2.0 : Cylance Protect : Threat Quarantined | Sub Rule | Failed Malware Activity | Failed Malware |
| | V 2.0 : Cylance Protect : Threat Waived | Sub Rule | General Security | Other Security |
| | V 2.0 : Cylance Protect : Threat Changed | Sub Rule | General Security | Other Security |
| | V 2.0 : Cylance Protect : Corrupt File | Sub Rule | General Antivirus Error | Error |
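To see how the two tables above fit together, the following added example (not LogRhythm's or Cylance's own code) parses a constructed "Key: Value, Key: Value" threat message, applies the LogRhythm Default v2.0 column of the Log Fields table, and routes the message to a v2.0 sub-rule by event name. The sample values, the event-name strings (threat_found, threat_quarantined, ...) and the parenthesised IP address are assumptions; the page does not show the raw log format.

```python
import re

# Constructed sample event (assumption: field names from the Log Fields table,
# values made up). Mixed order, a Windows path with colon and trailing backslash,
# and a parenthesised IP exercise the parser's edge cases.
SAMPLE_EVENT = (
    "Event Type: Threat, Event Name: threat_quarantined, Device Name: WS-0142, "
    "IP Address: (10.20.30.40), File Name: invoice.exe, "
    "Path: c:\\users\\alice\\downloads\\, SHA256: " + "0123456789abcdef" * 4 + ", "
    "Status: Quarantined, Cylance Score: -0.97, File Type: Executable, "
    "Threat Classification: Malware, Detected By: FileWatcher"
)

# LogRhythm Default v2.0 column of the Log Fields table: raw field -> metadata field(s).
# Fields the policy parses as N/A (Path, File Type, Detected By, MD5, ...) are absent on purpose.
V2_FIELD_MAP = {
    "Cylance Score": ("severity",), "Device Name": ("dname",),
    "Event Name": ("action", "tag1"), "Event Type": ("vmid",),
    "File Name": ("object",), "IP Address": ("dip",), "SHA256": ("hash",),
    "Status": ("status",), "Threat Classification": ("threatname",),
}

# v2.0 sub-rule routing (event-name values are assumed) -> (rule name, common event, classification)
V2_SUB_RULES = {
    "threat_found": ("V 2.0 : Cylance Protect : Threat Found", "Detected Malware Activity", "Malware"),
    "threat_cleared": ("V 2.0 : Cylance Protect : Threat Cleared", "Failed Malware Activity", "Failed Malware"),
    "threat_quarantined": ("V 2.0 : Cylance Protect : Threat Quarantined", "Failed Malware Activity", "Failed Malware"),
    "threat_waived": ("V 2.0 : Cylance Protect : Threat Waived", "General Security", "Other Security"),
    "threat_changed": ("V 2.0 : Cylance Protect : Threat Changed", "General Security", "Other Security"),
    "corrupt_found": ("V 2.0 : Cylance Protect : Corrupt File", "General Antivirus Error", "Error"),
}
V2_BASE_RULE = ("V 2.0 : Cylance Protect : Threat Events", "General Threat Message", "Activity")

def parse_event(event):
    """Split the event into raw fields. Only ', ' followed by a 'Key: ' token ends a
    value, so a path containing ':' or a value containing ',' survives intact."""
    fields = {}
    for part in re.split(r", (?=[A-Za-z0-9 ]+: )", event):
        key, _, value = part.partition(": ")
        fields[key.strip()] = value.strip()
    return fields

def to_v2_metadata(fields):
    """Apply the v2.0 column: copy each raw field into its metadata field(s)."""
    meta = {}
    for raw_key, targets in V2_FIELD_MAP.items():
        if raw_key in fields:
            value = fields[raw_key].strip("()") if raw_key == "IP Address" else fields[raw_key]
            for target in targets:
                meta[target] = value
    return meta

def route_v2(fields):
    """Pick the v2.0 sub-rule by event name; an unknown name stays on the base rule."""
    return V2_SUB_RULES.get(fields.get("Event Name", "").lower(), V2_BASE_RULE)
```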