Blackberry

Self Service Ingestion

Connect this data source on your own, using the Hunters platform.

TL;DR

Supported data types: Blackberry Cylance Raw Events
3rd party detection / Hunters detection / IOC search / Search: ✅ ✅ ✅
Table name: cylance_raw_events
Log format: Key Value
Collection method: S3


Overview

BlackBerry Cylance is a cybersecurity company that leverages artificial intelligence and machine learning to provide advanced threat detection and prevention solutions.

Known for its endpoint protection platform, CylancePROTECT, it proactively identifies and mitigates threats by analyzing the behavior of files and processes in real-time, rather than relying on traditional signature-based methods. This approach enables it to stop malware, ransomware, and other sophisticated cyber threats before they can cause harm.

Supported data types

Blackberry Cylance Raw Events

Table name: cylance_raw_events

BlackBerry Cylance raw events are detailed logs that capture granular data on activities and security events detected by Cylance's AI-driven cybersecurity solutions. These raw events include information on file executions, process behaviors, system changes, and network connections, providing deep insights into potential threats and security incidents.

By analyzing these raw events, security teams can conduct thorough investigations, identify patterns, and gain a comprehensive understanding of the security landscape.

Send data to Hunters

Hunters supports collection of Blackberry Cylance Raw Events via an intermediary AWS S3 bucket.

To connect Blackberry Cylance Raw Events:

  1. Follow the Blackberry Cylance documentation to export Raw Events to an intermediary AWS S3 bucket.

  2. Once the export is complete and the logs are collected in S3, follow the steps in this section.

Expected format

Logs are expected in Key-Value format.

Blackberry Cylance Raw Events Sample

541 <42>1 2024-07-08T11:01:45.916000Z sysloghost CylancePROTECT - - - Event Type: ScriptControl, Event Name: Alert, Device Name: DEVICENAME12, File Path: c:\users\test\appdata\local\temp\32f467c0-425d-4853-8776-0517e4506366\asdsad.vbs, SHA256: 61064EA55D079E348277F67F16B9EC93C5FE050C3368A41B90A0439A27979715, Status: Unscored, Interpreter: ActiveScript, Interpreter Version: 5.7.0.6000, Zone Names: (CV SERVER LEGACY), User Name: svc_orion, Device Id: 278c6917-a89b-49f3-99c5-98e27f831217, Policy Name: SVR AV/Exploit/Script Alert
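As an added example (not Hunters' or BlackBerry's code), the following Python parses the sample line above the way a collector or detection rule would need to: it separates the RFC 5424 syslog envelope (the leading 541 is an RFC 6587 octet count, <42> is the PRI, which decodes to facility 5 / severity 2) from the Cylance "Key: Value, Key: Value" body, and then normalises the fields an analyst would pivot on for IOC search (hash and path lowercased, malformed hash dropped). The sample string is the page's own line reassembled; the assumptions that the structured-data element is always "-" and that a new key always follows ", " are mine.

```python
import json
import re

# Constructed sample: the Cylance raw-event line quoted on this page, reassembled
# into one string. Framing is RFC 5424 syslog with an RFC 6587 octet count in front.
SAMPLE = (
    "541 <42>1 2024-07-08T11:01:45.916000Z sysloghost CylancePROTECT - - - "
    "Event Type: ScriptControl, Event Name: Alert, Device Name: DEVICENAME12, "
    r"File Path: c:\users\test\appdata\local\temp\32f467c0-425d-4853-8776-0517e4506366\asdsad.vbs, "
    "SHA256: 61064EA55D079E348277F67F16B9EC93C5FE050C3368A41B90A0439A27979715, "
    "Status: Unscored, Interpreter: ActiveScript, Interpreter Version: 5.7.0.6000, "
    "Zone Names: (CV SERVER LEGACY), User Name: svc_orion, "
    "Device Id: 278c6917-a89b-49f3-99c5-98e27f831217, "
    "Policy Name: SVR AV/Exploit/Script Alert"
)

# Syslog header: optional octet count, PRI, version, timestamp, host, app, procid,
# msgid, structured data (assumed to be "-" as in the sample), then the free-text body.
HEADER_RE = re.compile(
    r"^(?:(?P<octets>\d+) )?"
    r"<(?P<pri>\d{1,3})>(?P<version>\d) "
    r"(?P<timestamp>\S+) (?P<host>\S+) (?P<app>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) (?P<sd>\S+) "
    r"(?P<body>.*)$"
)

# A key is one or more words followed by ": ", either at the start of the body or
# right after ", ". Splitting the body on ", " alone would break as soon as a value
# (a file path, a policy name) itself contained ", "; this approach only fails if a
# value contains something that itself looks like ", Word: ".
KEY_RE = re.compile(r"(?:^|, )(?P<key>[A-Za-z][A-Za-z0-9]*(?: [A-Za-z0-9]+)*): ")

HEX64 = re.compile(r"^[0-9a-fA-F]{64}$")


def parse_kv_body(body: str) -> dict:
    """Turn 'Key: Value, Key: Value' into a dict; a value runs until the next key."""
    keys = list(KEY_RE.finditer(body))
    fields = {}
    for i, m in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(body)
        fields[m.group("key")] = body[m.end():end].strip()
    return fields


def parse_event(line: str) -> dict:
    """Split the syslog envelope from the Cylance body and decode PRI."""
    m = HEADER_RE.match(line.rstrip("\r\n"))
    if not m:
        raise ValueError("not an RFC 5424 syslog line")
    pri = int(m.group("pri"))
    return {
        "octets": int(m.group("octets")) if m.group("octets") else None,
        "facility": pri // 8,   # 42 -> 5 (syslog)
        "severity": pri % 8,    # 42 -> 2 (critical)
        "timestamp": m.group("timestamp"),
        "host": m.group("host"),
        "app": m.group("app"),
        "fields": parse_kv_body(m.group("body")),
    }


def ioc_candidates(event: dict) -> dict:
    """Indicators an analyst would pivot on, normalised to match how IOC lists are
    usually stored (hash lowercased, Windows path lowercased); a malformed hash is dropped."""
    f = event["fields"]
    out = {}
    if HEX64.match(f.get("SHA256", "")):
        out["sha256"] = f["SHA256"].lower()
    if f.get("File Path"):
        out["file_path"] = f["File Path"].lower()
    if f.get("Device Id"):
        out["device_id"] = f["Device Id"]
    return out


if __name__ == "__main__":
    event = parse_event(SAMPLE)
    print(json.dumps(event, indent=2))
    print(json.dumps(ioc_candidates(event), indent=2))
```

Keys are kept exactly as Cylance spells them ("Event Type", "Interpreter Version") so that a mapping to the cylance_raw_events columns can be done in one place later; the hash check matters because a hash with a stray character would silently never match an IOC list.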