Skip Navigation

Mobile alerts

This option is visible only if
Protect Mobile
is enabled. When this option is turned on, the mobile alerts that are detected by the Protect Mobile app on users’ devices are sent to your organization’s syslog server.
Field
Value
Description
Alert Id
[varies]
This is the unique ID associated with the mobile alert.
Alert Name
maliciousApplication: [app name]
This is the name of the malicious app that the
Protect Mobile
app detected.
sideLoadedApplication for
Android
: [app name]
This is the name of the sideloaded app that the
Protect Mobile
app detected.
sideLoadedApplication for
iOS
: [signing ID]
This is the signing ID of the sideloaded app that the
Protect Mobile
app detected.
jailbrokenOrRooted for
Android
: Rooted
The
Protect Mobile
app detected that the device is rooted.
jailbrokenOrRooted for
iOS
: Jailbroken
The
Protect Mobile
app detected that the device is jailbroken.
deviceEncryption: Encryption disabled
The
Protect Mobile
app detected that encryption is not enabled on the device.
deviceScreenlock: Screenlock disabled
The
Protect Mobile
app detected that a screen lock is not enabled on the device.
iOsIntegrityFailure: iOS App Integrity Check
The
Protect Mobile
app failed an integrity check.
androidSafetyNetFailure: Android SafetyNet
The
Protect Mobile
app failed a SafetyNet attestation check.
androidHWFailure: Android Hardware
The
Protect Mobile
app failed hardware certificate attestation.
unsupportedOS: Unsupported OS
Based on the administrator configuration of the
Protect Mobile
policy, the
Protect Mobile
app detected that the device has an unsupported OS.
Alert Status
New
The mobile alert is not yet resolved.
Resolved
The mobile alert is resolved.
Alert Type
maliciousApplication
The
Protect Mobile
app detected a malicious app.
sideLoadedApplication
The
Protect Mobile
app detected a sideloaded app.
jailbrokenOrRooted
The
Protect Mobile
app detected that the device is jailbroken or rooted.
deviceEncryption
The
Protect Mobile
app detected that encryption is not enabled on the device.
deviceScreenlock
The
Protect Mobile
app detected that a screen lock is not enabled on the device.
iOsIntegrityFailure
The
Protect Mobile
app failed an integrity check.
androidSafetyNetFailure
The
Protect Mobile
app failed a SafetyNet attestation check.
androidHWFailure
The
Protect Mobile
app failed hardware certificate attestation.
unsupportedOS
Based on the administrator configuration of the
Protect Mobile
policy, the
Protect Mobile
app detected that the device has an unsupported OS.
ApplicationSha256
[SHA256 hash]
This is the SHA256 hash of a malicious or sideloaded
Android
app that the
Protect Mobile
app detected.
ApplicationName
[app name]
This is the name of a malicious or sideloaded
Android
app that the
Protect Mobile
app detected.
AttestationRuleFailure
[attestation rules]
These are the rules that failed when an attestation check occurred for the
Protect Mobile
app.
AttestationState
[attestation state]
This is the attestation state of the
Protect Mobile
app.
AttestationSubType
[attestation sub-type]
This is the sub-type of the attestation check for the
Protect Mobile
app.
Description
maliciousApplication: [package name], [package version], [SHA256 hash]
These are the details of the malicious app that was detected.
sideLoadedApplication for
Android
: [package name], [package version], [installer source], [SHA256 hash]
These are the details of the sideloaded app that was detected.
sideLoadedApplication for
iOS
: empty string
This field is not supported for
iOS
.
jailbrokenOrRooted: [OS name], [OS version]
This is the OS name and version of the jailbroken or rooted device.
deviceEncryption: [OS name], [OS version]
This is the OS name and version of the device that does not have encryption enabled.
deviceScreenlock: [OS name], [OS version]
This is the OS name and version of the device that does not have a screen lock enabled.
iOsIntegrityFailure: [attestation type], [attestation state]
These are the details of the failed
iOS
integrity check.
androidSafetyNetFailure: [attestation type]
These are the details of the failed SafetyNet attestation check.
androidHWFailure: [attestation type], [attestation state], [rule failure]
These are the details of the failed hardware certificate attestation.
unsupportedOS: [OS name], [OS version]
This is the OS name and version of the device with an unsupported OS.
Detected
[varies]
This is the date and time the alert was detected.
Device Id
[varies]
This is the unique ID of the user’s device.
Device Name
[varies]
This is the name of the user’s mobile device.
Event Type
MobileAlert
This is the defined event type for mobile alerts.
Event Name
ProtectMobileAlert
This is the defined event name for mobile alerts.
First Name
[varies]
This is the first name of the device user.
InstallerSource
[package name]
This is the package name of a sideloaded
Android
app that the
Protect Mobile
app detected.
Last Name
[varies]
This is the last name of the device user.
OsName
[OS name]
This is the OS of the device.
OsVersion
[OS version]
This is the device's OS version.
PackageName
[package name]
This is the package name of a malicious or sideloaded
Android
app that the
Protect Mobile
app detected.
PackageVersion
[package version]
This is the package version of a malicious or sideloaded
Android
app that the
Protect Mobile
app detected.
SigningIdentity
[signing ID]
This is the signing ID of a sideloaded
iOS
app that the
Protect Mobile
app detected.
SigningIdentitySha256
[signing ID hash]
This is the signing ID hash of a sideloaded
iOS
app that the
Protect Mobile
app detected.
Example syslog message
May 31 17:34:04 sysloghost CylancePROTECT Event Type: MobileAlert, Event Name: ProtectMobileAlert, Alert Type: sideLoadedApplication, Alert Name: Protect, Description: com.blackberry.protect, 1.4.397 (Installer Source: com.google.android.packageinstaller), 1234ABCD5678EFGH1234ABCD5678EFGH1234ABCD5678EFGH1234ABCD5678EFGH, Detected: 5/31/2021 2:32:12 PM, Alert Status: New, Device Name: Galaxy S9 SM-G960F, First Name: John, Last Name: Smith, Device Id: 1abc2345-67d8-9123-45ef-g45hi67j8kl9, Alert Id: a1b23456-789c-12d3-e45f-g6h7i8jk9123, Application Sha245: 1234ABCD5678EFGH1234ABCD5678EFGH1234ABCD5678EFGH1234ABCD5678EFGH, Application Name: Protect, Installer Source: com.google.android.packageinstaller, Package Name: com.blackberry.protect, Package Version: 1.4.397