BlackBerry Optics network-based detection events
These events occur when a Detection Event that includes a Network Process artifact is triggered.
Field | Value | Description |
---|---|---|
Description | [varies] | Name of the Detection Rule that was triggered |
Destination IP | [varies] | Destination IP address involved with a Detection Event. This is typically a resource external to your environment |
Destination Port | [varies] | Network port on the destination IP address involved with a Detection Event |
Device Id | [varies] | Unique ID for the device |
Device Name | [varies] | Name of the device on which the Detection Event occurred |
Event Id | [varies] | Unique ID for the Detection Event |
Event Name | OpticsCaeNetworkEvent | Detection Event involved a network connection |
Event Type | OpticsCaeNetworkEvent | Detection Event involved a network connection |
Instigating Process ImageFileSha256 | [varies] | SHA256 hash of the process that instigated the action |
Instigating Process Name | [varies] | Name of the process that instigated the action |
Instigating Process Owner | [varies] | User who owns the process that instigated the action |
Severity | [varies] | Severity of the event |
Zone Names | [varies] | Zones that the device belongs to |
Example message for network-based detection events
Event Type: OpticsCaeNetworkEvent, Event Name: OpticsCaeNetworkEvent, Device Name: OPTICS-DEMO-2, Zone Names: (Zone1, Zone2), Event Id: f3cc2742-34f8-4374-9231-d59350b10ecc, Severity: Low, Description: Unsigned Application Network Beaconing, Instigating Process Name: myapp.exe, Instigating Process Owner: CYLANCE/mmorin, Instigating Process ImageFileSha256: 4E66B857B7010DB8D4E4E28D73EB81A99BD6915350BB9A63CD86671051B22F0E, Destination IP: 95.85.19.151, Destination Port: 443, Device Id: e378dacb-9324-453a-b8c6-5a8406952195
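The following parser for the message format above is an added example, not BlackBerry code. It splits on the field names from the table so that comma-bearing values such as Zone Names stay intact, then types the fields used for filtering and pivoting. It assumes the input is the message body exactly as in the example, with any syslog header already removed; `parse_network_event`, `FIELDS` and `SAMPLE` are hypothetical names.

```python
import ipaddress
import re

# Field names from the table on this page. Splitting on known keys instead of
# on every comma keeps values such as "(Zone1, Zone2)" in one piece.
FIELDS = (
    "Event Type", "Event Name", "Device Name", "Zone Names", "Event Id",
    "Severity", "Description", "Instigating Process Name",
    "Instigating Process Owner", "Instigating Process ImageFileSha256",
    "Destination IP", "Destination Port", "Device Id",
)
_KEY = re.compile(r"(?:^|, )(" + "|".join(map(re.escape, FIELDS)) + r"): ")

# The example message from this page.
SAMPLE = (
    "Event Type: OpticsCaeNetworkEvent, Event Name: OpticsCaeNetworkEvent, "
    "Device Name: OPTICS-DEMO-2, Zone Names: (Zone1, Zone2), "
    "Event Id: f3cc2742-34f8-4374-9231-d59350b10ecc, Severity: Low, "
    "Description: Unsigned Application Network Beaconing, "
    "Instigating Process Name: myapp.exe, "
    "Instigating Process Owner: CYLANCE/mmorin, "
    "Instigating Process ImageFileSha256: "
    "4E66B857B7010DB8D4E4E28D73EB81A99BD6915350BB9A63CD86671051B22F0E, "
    "Destination IP: 95.85.19.151, Destination Port: 443, "
    "Device Id: e378dacb-9324-453a-b8c6-5a8406952195"
)


def parse_network_event(message):
    """Parse one message body (hypothetical helper); ValueError if malformed."""
    parts = _KEY.split(message)  # ['', key1, value1, key2, value2, ...]
    event = dict(zip(parts[1::2], (v.strip() for v in parts[2::2])))
    if event.get("Event Type") != "OpticsCaeNetworkEvent":
        raise ValueError("not a network-based detection event")
    missing = [f for f in FIELDS if f not in event]
    if missing:
        raise ValueError("missing fields: " + ", ".join(missing))
    # Type and normalize the fields a detection pipeline filters or pivots on.
    zones = event["Zone Names"].strip("()")
    event["Zone Names"] = [z.strip() for z in zones.split(",") if z.strip()]
    event["Destination IP"] = ipaddress.ip_address(event["Destination IP"])
    event["Destination Port"] = int(event["Destination Port"])
    if not 0 < event["Destination Port"] < 65536:
        raise ValueError("destination port out of range")
    sha = event["Instigating Process ImageFileSha256"]
    if not re.fullmatch(r"[0-9A-Fa-f]{64}", sha):
        raise ValueError("malformed SHA256")
    event["Instigating Process ImageFileSha256"] = sha.lower()
    return event
```

The SHA256 is lowercased so it can be compared directly against hash lists that use lowercase hex; a value that itself contains `, <field name>: ` would still be split, which is a limit of the flat message format.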