Use Log Activity

Use the Log Activity window to view Cylance event information.
  1. In QRadar, select Log Activity.
  2. Click Quick Searches, then select a predefined search.
    • Compliance: Source IP's Involved in Compliance Rules - Last 6 Hours
    • Compliance: Username Involved in Compliance Rules - Last 6 Hours
    • Cylance: All Events (Local Replay) - Last 6 Hours
    • Cylance: Allowed Application Control Events - Last 6 Hours
    • Cylance: Devices Needing Remediation - Last 6 Hours
    • Cylance: Top Devices - Last 6 Hours
    • Cylance: Top Optics Events - Last 6 Hours
    • Cylance: Top Successful Exploit Events - Last 6 Hours
    • Cylance: Top Threats - Last 6 Hours
  3. Hover over or right-click any of the following fields to view more details.
    • Any IP address
    • Cylance event ID
    • Device ID
    • Device name
      Hovering over or right-clicking the device name might return no device information if the device name was changed so that it differs from the hostname.
    • Device UUID
    • File SHA256
    • Host MAC addresses
    • Host IP addresses
    • Instigating Process ImageFileSha256
    • Optics event ID
    • Source MAC
    • Target File Sha256
    • Target Process ImageFileSha256
    • Threat SHA256