
Index, Eventtypes, and Sourcetypes

The most important data classifiers are outlined below:
Index
  • Following Splunk best practices, this application is no longer bundled with a pre-specified index; however, we strongly recommend sending data to index=cylance_protect. If the index was previously specified as index=protect, this will also work, because the dashboards are populated using an eventtype that accepts either. If a custom index name is used, then eventtype=cylance_index must be modified to accept the custom index name.
Eventtypes
  • eventtype=cylance_index – this eventtype allows the index to be either protect or cylance_protect. If a custom index name is used, the eventtype must be modified for the dashboards to populate properly.
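As an added illustration (not the app's shipped configuration), an eventtypes.conf stanza of the form described above: the stanza name cylance_index and the two accepted index names come from this page, while the exact search body and the custom index name my_custom_index are assumptions.

```ini
# Added example, not the app's own eventtypes.conf.

# default/eventtypes.conf (as shipped, assumed form):
# the eventtype matches either index name, so dashboards
# searching eventtype=cylance_index work with both.
[cylance_index]
search = index=protect OR index=cylance_protect

# local/eventtypes.conf (your override for a custom index):
# a stanza of the same name in local/ takes precedence over
# default/, so the shipped file is left untouched and the
# change survives app upgrades. "my_custom_index" is a
# placeholder for your actual index name.
[cylance_index]
search = index=my_custom_index
```

After the override is in place, the search `eventtype=cylance_index | stats count by index, sourcetype` confirms which index and sourcetypes the dashboards will actually see.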
Sourcetypes
  • syslog sourcetypes
    • syslog_protect
      • syslog_app_control
      • syslog_audit_log
      • syslog_device
      • syslog_device_control
      • syslog_exploit
      • syslog_optics
      • syslog_script_control
      • syslog_threat
      • syslog_threat_classification
    Syslog events will enter the app as syslog_protect and will be sorted into one of the other “syslog_” sourcetypes, based on content.
  • TDR sourcetypes
    • threat
    • device
    • threat_indicator
    • event