Connect this data source on your own, using the Hunters platform.
TL;DR
| Supported data types | 3rd party detection | Hunters detection | IOC search | Search | Table name | Log format | Collection method |
|---|---|---|---|---|---|---|---|
| Blackberry Cylance Raw Events | ✅ | ✅ | ✅ | | cylance_raw_events | Key Value | S3 |
Overview
BlackBerry Cylance is a cybersecurity company that leverages artificial intelligence and machine learning to provide advanced threat detection and prevention solutions.
Known for its endpoint protection platform, CylancePROTECT, it proactively identifies and mitigates threats by analyzing the behavior of files and processes in real-time, rather than relying on traditional signature-based methods. This approach enables it to stop malware, ransomware, and other sophisticated cyber threats before they can cause harm.
Supported data types
Blackberry Cylance Raw Events
Table name: cylance_raw_events
BlackBerry Cylance raw events are detailed logs that capture granular data on activities and security events detected by Cylance's AI-driven cybersecurity solutions. These raw events include information on file executions, process behaviors, system changes, and network connections, providing deep insights into potential threats and security incidents.
By analyzing these raw events, security teams can conduct thorough investigations, identify patterns, and gain a comprehensive understanding of the security landscape.
Send data to Hunters
Hunters supports the collection of Blackberry Cylance Raw Events via an intermediary AWS S3 bucket.
To connect Blackberry Cylance Raw Events:
1. Follow the Blackberry Cylance documentation to export Raw Events to an intermediary AWS S3 bucket.
2. Once the export is complete and the logs are being collected in S3, follow the steps in this section to connect the bucket to Hunters.
Expected format
Logs are expected in Key-Value format.
Blackberry Cylance Raw Events Sample
```text
541 <42>1 2024-07-08T11:01:45.916000Z sysloghost CylancePROTECT - - - Event Type: ScriptControl, Event Name: Alert, Device Name: DEVICENAME12, File Path: c:\users\test\appdata\local\temp\32f467c0-425d-4853-8776-0517e4506366\asdsad.vbs, SHA256: 61064EA55D079E348277F67F16B9EC93C5FE050C3368A41B90A0439A27979715, Status: Unscored, Interpreter: ActiveScript, Interpreter Version: 5.7.0.6000, Zone Names: (CV SERVER LEGACY), User Name: svc_orion, Device Id: 278c6917-a89b-49f3-99c5-98e27f831217, Policy Name: SVR AV/Exploit/Script Alert
```
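The sample above is an RFC 5424 syslog record (with an optional octet-count prefix) whose message body is the Cylance key-value payload. The following parser is an added example, not code from Hunters or BlackBerry, showing how such a line can be split into its syslog header and its `Key: value` fields and flattened into snake_case columns like those of the `cylance_raw_events` table. The sample line embedded in it is the one from this page; the column names it produces, the lower-casing of the hash and the handling of `Zone Names` as a list are assumptions of this example, not a statement of how Hunters normalizes the data.

```python
"""Parse a BlackBerry Cylance raw event delivered over syslog (RFC 5424 header,
optional octet-count prefix) with a comma-separated 'Key: value' payload."""
import re
from typing import Any, Dict

# The sample line from this page, wrapped for readability.
SAMPLE = (
    "541 <42>1 2024-07-08T11:01:45.916000Z sysloghost CylancePROTECT - - - "
    "Event Type: ScriptControl, Event Name: Alert, Device Name: DEVICENAME12, "
    "File Path: c:\\users\\test\\appdata\\local\\temp\\32f467c0-425d-4853-8776-0517e4506366\\asdsad.vbs, "
    "SHA256: 61064EA55D079E348277F67F16B9EC93C5FE050C3368A41B90A0439A27979715, "
    "Status: Unscored, Interpreter: ActiveScript, Interpreter Version: 5.7.0.6000, "
    "Zone Names: (CV SERVER LEGACY), User Name: svc_orion, "
    "Device Id: 278c6917-a89b-49f3-99c5-98e27f831217, Policy Name: SVR AV/Exploit/Script Alert"
)

# Optional octet count (RFC 6587 framing), then the RFC 5424 header:
# <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
HEADER_RE = re.compile(
    r"^(?:(?P<octets>\d+)\s+)?<(?P<pri>\d{1,3})>(?P<version>\d)\s+"
    r"(?P<timestamp>\S+)\s+(?P<host>\S+)\s+(?P<app>\S+)\s+(?P<procid>\S+)\s+"
    r"(?P<msgid>\S+)\s+(?P<sd>\S+)\s+(?P<msg>.*)$",
    re.DOTALL,
)

# Split the payload on ", " only where the next token looks like a new "Key Name: "
# field, so a comma inside a value (e.g. several zone names) does not split the record.
FIELD_SPLIT_RE = re.compile(r", (?=[A-Za-z][A-Za-z0-9 ]*: )")


def parse_kv_payload(msg: str) -> Dict[str, str]:
    """Turn 'Key: value, Key2: value2' into a dict; keys keep their original spelling."""
    fields: Dict[str, str] = {}
    for chunk in FIELD_SPLIT_RE.split(msg.strip()):
        key, sep, value = chunk.partition(": ")
        if not sep:
            raise ValueError(f"field without 'Key: value' shape: {chunk!r}")
        fields[key.strip()] = value.strip()
    return fields


def parse_cylance_event(line: str) -> Dict[str, Any]:
    """Parse one syslog line into its header fields plus the decoded key-value payload."""
    m = HEADER_RE.match(line)
    if not m:
        raise ValueError("not an RFC 5424 syslog line")
    pri = int(m.group("pri"))
    payload = parse_kv_payload(m.group("msg"))
    zones = payload.get("Zone Names", "")
    return {
        "facility": pri >> 3,  # PRI = facility * 8 + severity
        "severity": pri & 0x7,
        "timestamp": m.group("timestamp"),
        "host": m.group("host"),
        "app": m.group("app"),
        "fields": payload,
        # Zone Names arrive as "(Zone A, Zone B)"; expose them as a list (assumed shape).
        "zone_names": [z.strip() for z in zones.strip("()").split(",") if z.strip()],
    }


def to_table_row(event: Dict[str, Any]) -> Dict[str, Any]:
    """Flatten to snake_case column names (assumed, not Hunters' schema) and lower-case
    the SHA256 so IOC matching against the hash is case-insensitive."""
    row: Dict[str, Any] = {
        "event_time": event["timestamp"],
        "syslog_severity": event["severity"],
    }
    for key, value in event["fields"].items():
        col = re.sub(r"[^a-z0-9]+", "_", key.lower()).strip("_")
        row[col] = value.lower() if col == "sha256" else value
    row["zone_names"] = event["zone_names"]
    return row


if __name__ == "__main__":
    for col, val in to_table_row(parse_cylance_event(SAMPLE)).items():
        print(f"{col}: {val}")
```

Because the payload is split on `, ` only where a new `Key: ` follows, a value that itself contains a comma (a list of zone names, for instance) stays intact; a naive `split(", ")` would silently shift every later field by one.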