Persona Desktop events

This option is visible only if Persona Desktop is enabled. When this option is turned on, the events that are detected by the Persona Desktop agent on users’ devices are sent to your organization’s syslog server.
Trust scores and model scores are displayed as N/A in the syslog message when Persona Desktop is in training mode.
| Field | Value | Description |
| --- | --- | --- |
| Alert ID | [varies] | This is the unique ID associated with the Persona Desktop event. |
| Alert Severity | [varies] | This is the severity of the alert. |
| Alert Time | [varies] | This is the event Action Type and it is used as the name for the alert. See Persona Desktop event types for more information. |
| Alert Type | Failed 2FA | The user failed to pass the two-factor authentication (2FA) logon. |
| | Failed Logon | The user failed to enter the correct username and password when logging into the device. |
| | Forced Step-Up Authentication | The user was required to enter their username and password or pass a 2FA challenge to continue using the device. |
| Device ID | [varies] | This is the unique device ID associated with the event. |
| Device Name | [varies] | This is the device name associated with the event. |
| Event Name | Persona Event | This is the defined event name for Persona Desktop events. |
| Event Type | PersonaEvent | This is the defined event type for Persona Desktop events. |
| IP Address | [varies] | This is the IP address for the device. |
| Keyboard Model Score | [varies] | This is a model score based on the way the user types on the keyboard. |
| Logon Model Score | [varies] | This is a model score based on when the user logs on or when the user fails at logging on. |
| Meta Model Score | [varies] | This is a combined score from the keyboard, mouse, and conduct models. |
| Mouse Model Score | [varies] | This is a model score based on the way the user moves and clicks the mouse or trackpad. |
| Network Model Score | [varies] | This is a model score based on the IP addresses and ports the user accesses. |
| Process Model Score | [varies] | This is a model score based on the applications the user launches. |
| Tenant ID | [varies] | This is the unique tenant ID. |
| User ID | [varies] | This is the unique user ID associated with the event. |
| User Name | [varies] | This is the username associated with the event. |
| User Trust Score | [varies] | This is the user's trust score. |

Example syslog message
May 31 17:34:04 sysloghost CylancePROTECT: Event Type: PersonaEvent, Event Name: Persona Event, Tenant ID: 572d08ac-3232-41d8-a0fd-59a8db8d603d, Alert ID: 0d10cf3a-dfb9-4c6f-932b-550bf2d53ad7, Alert Type: Failed Logon, Alert Severity: High, User ID: 41577746-8260-30ac-35b2-e41c34c7ac6b, User Name: test10, Device ID: 58d0329c-eb73-4a54-9ca5-6dcb4e23746c, Device Name: PDTESTAGENT1, IP IpAddress: 82.45.6.13, Alert Time: 2/18/2021 1:22:02 AM, User Trust Score: 81, Meta Model Score: 82, Keyboard Model Score: 83, Mouse Model Score: 84, Logon Model Score: 85, Process Model Score: N/A, Network Model Score: 87
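
A sketch of how a log pipeline could parse this message into fields before forwarding it to a SIEM. This is an added example, not vendor code; the function names `parse_persona_event` and `untrained_scores` are hypothetical. It accepts the "IP IpAddress" label that the example message emits in place of the documented "IP Address" and maps N/A scores (training mode) to `None` so they are not mistaken for a numeric score.

```python
import re

# Sample input: the example syslog message from this page.
SAMPLE = (
    "May 31 17:34:04 sysloghost CylancePROTECT: Event Type: PersonaEvent, "
    "Event Name: Persona Event, Tenant ID: 572d08ac-3232-41d8-a0fd-59a8db8d603d, "
    "Alert ID: 0d10cf3a-dfb9-4c6f-932b-550bf2d53ad7, Alert Type: Failed Logon, "
    "Alert Severity: High, User ID: 41577746-8260-30ac-35b2-e41c34c7ac6b, "
    "User Name: test10, Device ID: 58d0329c-eb73-4a54-9ca5-6dcb4e23746c, "
    "Device Name: PDTESTAGENT1, IP IpAddress: 82.45.6.13, "
    "Alert Time: 2/18/2021 1:22:02 AM, User Trust Score: 81, Meta Model Score: 82, "
    "Keyboard Model Score: 83, Mouse Model Score: 84, Logon Model Score: 85, "
    "Process Model Score: N/A, Network Model Score: 87"
)

TAG = "CylancePROTECT: "
# The field table says "IP Address"; the example message says "IP IpAddress".
ALIASES = {"IP IpAddress": "IP Address"}
# Split on ", " only where a "Label: " follows, so a value that itself
# contains a comma (for instance a device name) is not cut in two.
FIELD_SEP = re.compile(r", (?=[A-Za-z][A-Za-z0-9 ]*: )")


def _score(value):
    if value == "N/A":
        return None  # shown while Persona Desktop is in training mode
    return int(value) if value.isdigit() else value  # keep odd forms verbatim


def parse_persona_event(line):
    """Return the event fields as a dict, or None for any other syslog line."""
    _, found, body = line.partition(TAG)
    if not found:
        return None
    fields = {}
    for part in FIELD_SEP.split(body.strip()):
        key, sep, value = part.partition(": ")  # first ": " only; times keep colons
        if sep:
            key = key.strip()
            fields[ALIASES.get(key, key)] = value.strip()
    if fields.get("Event Type") != "PersonaEvent":
        return None
    return {k: _score(v) if k.endswith("Score") else v for k, v in fields.items()}


def untrained_scores(event):
    """Names of the score fields reported as N/A in this event."""
    return sorted(k for k, v in event.items() if k.endswith("Score") and v is None)
```

Alert Time is left as the raw string because the page does not state its time zone.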