CylancePROTECT Desktop devices
Selecting this option sends device events to the syslog server.
Field | Value | Description |
---|---|---|
Agent Version | [varies] | This is the version of the CylancePROTECT Desktop agent installed on the device. |
CylanceOPTICS Version | [varies] | If CylanceOPTICS is enabled, this is the version of the CylanceOPTICS agent installed on the device. |
Device Message | [varies] | The message is populated when the device details are changed by the user. This can include: name change, policy change, zone changes, log level change, and self-protection level change. |
Device Name | [varies] | This is the name of the device. |
Event Type | Device | This is a device event. |
Event Name | Device Policy Assigned | A policy was assigned to the device. |
Event Name | Device Removed | The device was removed from the management console. |
Event Name | Device Updated | The device was updated. |
Event Name | Device Assigned to Zone | The device was assigned to a zone or zones. |
Event Name | Registration | A new device was registered with the management console. |
Event Name | System Security | A message that is logged after a new device is registered and when a user logs on to the device. |
IP Address | [varies] | This is the IP address for the device. |
Kernel Version | [varies] | This is the operating system's running kernel version on the device. |
Logged On Users | [varies] | These are the users currently logged on to the device. This could be the email address and/or user’s name. |
MAC Address | [varies] | This is the MAC address for the device. |
OS | [varies] | This is the operating system used on the device. |
Policy Change | [varies] | This shows the previous policy and the new policy assigned to the device. |
Policy Name | [varies] | This is the name of the policy assigned to the device. |
Renamed | “device_name” to “device_name” | This shows the previous name and the new name for the device. |
User | [varies] | This is the name of the user updating the device. |
Zones Added | [varies] | These are the zone names to which the device has been added. |
Zone Name | [varies] | These are the zone names to which the device is assigned. |
New device registration events
When a new device is registered, you will receive two messages for this event: Registration and SystemSecurity.
SystemSecurity messages are also generated when a user logs on to a device, so you may receive this message after registration.
BlackBerry Protect Desktop: Event Type: Device, Event Name: Registration, Device Name: WIN-55NATVQHBU
BlackBerry Protect Desktop: Event Type: Device, Event Name: SystemSecurity, Device Name: WIN-55NATVQHBUU, Agent Version: 1.1.1270.58, IP Address: (10.3.0.154), MAC Address: (005056881877), Logged On Users: (WIN-55NATVQHBUU\Administrator), OS: Microsoft Windows Server 2008 R2 Standard Service Pack 1 x64 6.1.7601
Example message when removing a device
When a device is removed, you will receive the following message for this event: Device Removed.
BlackBerry Protect Desktop: Event Type: Device, Event Name: Device Removed, Device Names: (jsmithxp-test), User: (jsmith@contoso.com)
Example message when updating a device
When a device’s policy, zone, name, or logging level has changed, you will receive the following message for this event: Device Updated.
BlackBerry Protect Desktop: Event Type: Device, Event Name: Device Updated, Device Message: Renamed: 'WIN-55NATVQHBUU' to 'WIN-2008R2-IRV1'; Policy Changed: 'Default' to 'IRVPolicy1'; Zones Added: 'IRV1', User: John Smith (johnsmith@contoso.com)
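The following added example (not BlackBerry code) parses the device event messages shown above into fields on the receiving side, including the sub-items packed into Device Message. The function names, the label list built from this page's table and samples, and the `needs_review` triage rule are assumptions made for this example.

```python
import re

# Field labels as they appear in the table and sample messages on this page.
LABELS = ("Event Type", "Event Name", "Device Name", "Device Names",
          "Device Message", "Agent Version", "CylanceOPTICS Version",
          "IP Address", "Kernel Version", "Logged On Users", "MAC Address",
          "OS", "Policy Name", "User", "Zone Name")
# A field starts at the payload start or after ", ", so commas inside a value do not split it.
FIELD_RE = re.compile(r"(?:^|, )(" + "|".join(map(re.escape, LABELS)) + r"): ")
CHANGE_RE = re.compile(r"^'(.*)' to '(.*)'$")

# Sample copied from the "updating a device" section of this page.
SAMPLE_UPDATED = ("BlackBerry Protect Desktop: Event Type: Device, Event Name: "
                  "Device Updated, Device Message: Renamed: 'WIN-55NATVQHBUU' to "
                  "'WIN-2008R2-IRV1'; Policy Changed: 'Default' to 'IRVPolicy1'; "
                  "Zones Added: 'IRV1', User: John Smith (johnsmith@contoso.com)")


def parse_device_event(line):
    """Return a dict of fields for a device event line, or None for other lines."""
    start = line.find("Event Type: ")
    if start < 0:
        return None
    payload = line[start:].strip()
    marks = list(FIELD_RE.finditer(payload))
    event = {}
    for mark, nxt in zip(marks, marks[1:] + [None]):
        value = payload[mark.end():nxt.start() if nxt else len(payload)]
        # Some values are wrapped in parentheses, e.g. "IP Address: (10.3.0.154)".
        if value.startswith("(") and value.endswith(")"):
            value = value[1:-1]
        event[mark.group(1)] = value
    if event.get("Event Type") != "Device":
        return None
    # Device Message packs sub-items ("Renamed", "Policy Changed", ...) split by "; ".
    changes = {}
    for part in event.get("Device Message", "").split("; "):
        name, sep, detail = part.partition(": ")
        if sep:
            pair = CHANGE_RE.match(detail)
            changes[name] = pair.groups() if pair else detail.strip("'")
    event["changes"] = changes
    return event


def needs_review(event):
    """Triage rule assumed for this example: device removals and policy changes."""
    return (event.get("Event Name") == "Device Removed"
            or "Policy Changed" in event["changes"])
```

Values such as device names are free text, so a name that itself contains a label like ", User: " would split early; keep the raw line alongside the parsed fields.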