Data source types

Syslog will report any events detected on devices, including denied attempts to create or modify applications, or to execute files from a network or external location.

Syslog will report all user actions performed on the

Cylance

console by administrators, zone managers, and users.

Syslog will report devices that have been registered, modified, or removed.

Syslog will report device control events like the device type, vendor ID, and product ID.

Syslog will report any malicious processes and exploits that were detected and/or blocked by this script.

Syslog will report all scripts that ran or attempted to run.

Syslog will report any newly found threats in your environment as well as any changes observed for existing threats.

Syslog will report any newly classified threats or changes to existing threat classifications.

The Threats script reports all threats that are detected in your environment, along with relevant information such as file name, file hashes, file status, and

Cylance

Score.

The Devices script reports all

CylancePROTECT Desktop

registered devices in your organization, along with information such as each device’s operating system, agent version, and MAC address.

The indicators script reports each threat with a unique SHA256 hash and all associated threat indicators that characterize the file.

For more information about threat indicators, see KB 66181.

The Events script will report all threat events that occurred in your organization for the last 30 days. This information includes the file hash, the device name, the file path, the date and time it was found, the threat status, and the

Cylance

Score.