Index, Eventtypes, and Sourcetypes Skip Navigation

Index, Eventtypes, and Sourcetypes

The most important data classifiers are outlined below:
  • Following
    best practices, this application is no longer bundled with a pre-specified index, however, we strongly recommend sending data to index=cylance_protect. If the index was previously specified as index=protect, this will also work as the dashboards are populated using an eventtype that will accept either. If a custom index name is used, then the eventtype=cylance_index must be modified to accept the custom index name.
  • eventtype=cylance_index –  eventtypes allows the index to either be protect or cylance_protect. If a custom index name is used, the eventtype must be modified for the dashboards to populate properly.
  • syslog sourcetypes
    •   syslog_protect
      • syslog_app_control
      • syslog_audit_log
      • syslog_device
      • syslog_device_control
      • syslog_exploit
      • syslog_optics
      • syslog_script_control
      • syslog_threat
      • syslog_threat_classification
      Syslog events will enter the app as syslog_protect and will be sorted into one of the other “syslog_” source types, based on content.
  •   TDR sourcetypes
    • threat
    • device
    • threat_indicator
    • event