
Data source types

Syslog events
The syslog-based source types for the CylancePROTECT Application for Splunk provide real-time information on threats, threat classifications, devices, device control, memory protection, application control, script control, and the audit log.
Source type / Description

Application control: Syslog reports any application control events detected on devices, including denied attempts to create or modify applications, or to execute files from a network or external location.

Audit log: Syslog reports all user actions performed on the Cylance console by administrators, zone managers, and users.

Devices: Syslog reports devices that have been registered, modified, or removed.

Device control: Syslog reports device control events, including the device type, vendor ID, and product ID of the device involved.

Memory protection: Syslog reports any malicious processes and exploits that were detected and/or blocked by memory protection.

Script control: Syslog reports all scripts that ran or attempted to run.

Threats: Syslog reports any newly found threats in your environment, as well as any changes observed for existing threats.

Threat classifications: Syslog reports any newly classified threats or changes to existing threat classifications.
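The Threats and Memory protection source types arrive as one syslog line per event. The example below is added here and is not code from the CylancePROTECT Application for Splunk or from BlackBerry: it parses constructed sample lines into field dictionaries and then pulls out the records a responder would triage first (threats still marked Unsafe above a score threshold, blocked exploit attempts, and which devices share a SHA256). The "CylancePROTECT: Key: Value, Key: Value" layout, the field names, and the Event Type values (Threat, ExploitAttempt) are assumptions modeled on CylancePROTECT syslog output, not taken from this page. The one real pitfall it handles is that values such as file names and zone lists can themselves contain commas, so the parser only splits where the next token looks like a field header.

```python
import re

# Constructed sample events (not from the page). The line layout, field names and
# Event Type values are assumptions; adjust them to what your console actually emits.
SAMPLE_LINES = [
    "CylancePROTECT: Event Type: Threat, Event Name: threat_found, Device Name: WS-0042, "
    "IP Address: (10.20.30.40), File Name: invoice, final.exe, Path: c:\\users\\alice\\downloads\\, "
    "SHA256: 7F83B1657FF1FC53B92DC18148A1D65DFC2D4B1FA3D677284ADDD200126D9069, "
    "Status: Unsafe, Cylance Score: 97, Zone Names: (Finance, Laptops), "
    "Threat Classification: Malware - Trojan",
    "CylancePROTECT: Event Type: ExploitAttempt, Event Name: blocked, Device Name: WS-0042, "
    "IP Address: (10.20.30.40), Action: Blocked, Process ID: 4120, Process Name: winword.exe, "
    "User Name: alice, Violation Type: Stack Pivot, Zone Names: (Finance)",
    "CylancePROTECT: Event Type: Threat, Event Name: threat_quarantined, Device Name: SRV-01, "
    "IP Address: (10.20.30.41), File Name: tool.exe, Path: d:\\temp\\, "
    "SHA256: 9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08, "
    "Status: Quarantined, Cylance Score: 100, Zone Names: (Servers)",
    "some other appliance: unrelated line that must be skipped",
]

PREFIX = "CylancePROTECT: "

# Split on ", " only when what follows looks like a "Field Name: " header. A plain
# split on ", " would cut "invoice, final.exe" and "(Finance, Laptops)" in half.
FIELD_SPLIT = re.compile(r", (?=[A-Z][A-Za-z0-9 ]*: )")


def parse_line(line):
    """Return {field: value} for one CylancePROTECT syslog line, or None if it is not one."""
    if not line.startswith(PREFIX):
        return None
    fields = {}
    for chunk in FIELD_SPLIT.split(line[len(PREFIX):]):
        key, _, value = chunk.partition(": ")
        # IP addresses and zone lists are wrapped in parentheses in the assumed format.
        if value.startswith("(") and value.endswith(")"):
            value = value[1:-1]
        fields[key] = value
    return fields


def parse_events(lines):
    """Parse every line; return (records, number_of_lines_skipped)."""
    records, skipped = [], 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1
        else:
            records.append(rec)
    return records, skipped


def unsafe_threats(records, min_score=80):
    """Threat events still marked Unsafe (i.e. not yet quarantined) at or above min_score."""
    out = []
    for r in records:
        if r.get("Event Type") != "Threat" or r.get("Status") != "Unsafe":
            continue
        try:
            score = int(r.get("Cylance Score", "0"))
        except ValueError:
            continue  # malformed score: do not silently treat it as 0 or as 100
        if score >= min_score:
            out.append((r["Device Name"], r["SHA256"], score))
    return out


def blocked_exploits(records):
    """Memory protection events where the agent reports the exploit attempt as blocked."""
    return [
        (r["Device Name"], r.get("Process Name"), r.get("Violation Type"))
        for r in records
        if r.get("Event Type") == "ExploitAttempt" and r.get("Action") == "Blocked"
    ]


def devices_by_hash(records):
    """Map each threat SHA256 (lower-cased) to the set of devices it was seen on."""
    out = {}
    for r in records:
        if r.get("Event Type") == "Threat" and "SHA256" in r:
            out.setdefault(r["SHA256"].lower(), set()).add(r["Device Name"])
    return out


if __name__ == "__main__":
    records, skipped = parse_events(SAMPLE_LINES)
    print(f"parsed {len(records)} events, skipped {skipped} non-Cylance lines")
    print("unsafe, high-score threats:", unsafe_threats(records))
    print("blocked exploit attempts:", blocked_exploits(records))
    print("devices per hash:", devices_by_hash(records))
```

The hash-to-device map is the pivot most worth keeping: a SHA256 reported from several devices within a short window is a spreading sample rather than a one-off download, and it is also the key you would use to look up the same file in the Indicators feed described under the threat data report.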
Threat data report
The threat data report-based source types for the CylancePROTECT Application for Splunk are extracted from the CylancePROTECT threat data report, which lists the threats and devices in your environment.
Script / Description

Threats: The Threats script reports all threats detected in your environment, along with relevant information such as file name, file hashes, file status, and Cylance Score.

Devices: The Devices script reports all CylancePROTECT Desktop registered devices in your organization, along with information such as each device's operating system, agent version, and MAC address.

Indicators: The Indicators script reports each threat by its unique SHA256 hash, together with all associated threat indicators that characterize the file. For more information about threat indicators, see KB 66181.

Events: The Events script reports all threat events that occurred in your organization during the last 30 days. This information includes the file hash, the device name, the file path, the date and time the threat was found, the threat status, and the Cylance Score.