Saved on Oct 10, 2022
Saved on Oct 11, 2022
edr.blackberry.cylance.users
edr.blackberry.cylance.policies
edr.blackberry.cylance.threats
Field
Type
Extra Label
eventdate
timestamp
-
hostname
str
id
tenant_id
first_name
last_name
email
cur_id
eeco_id
has_logged_in
bool
role_type
role_name
default_zone_role_type
default_zone_role_name
date_last_login
date_email_confirmed
date_created
date_modified
related_zones
int4
zone
zone_id
zone_role_type
zone_role_name
related_zone_count
at_devo_pulling_id
hostchain
✓
tag
rawMessage
Field Transformation
Source field name
memoryviolation_actions__memory_violations_ext_v2
memoryviolation_actions__memory_violations
memoryviolation_actions__memory_violations_ext
memoryviolation_actions__memory_exclusion_list
memoryviolation_actions__memory_exclusion_list_v2
filetype_actions__suspicious_files
filetype_actions__threat_files
checksum
file_exclusions
policy_name
script_control_v2
policy
policy_id
policy_utctimestamp
device_count
zone_count
date_added
parsedate(date_added_str, dateformat("YYYY-MM-DD[T]HH:mm:ss.SSSSSSS", "UTC"))
date_added_str
parsedate(date_modified_str, dateformat("YYYY-MM-DD[T]HH:mm:ss.SSSSSSS", "UTC"))
date_modified_str
log_policy_retentiondays
log_policy_log_upload
log_policy_maxlogsize
related_policys
policy_value
related_policy_count
agent_version
auto_run
av_industry
cert_issuer
cert_publisher
cert_timestamp
classification
cylance_score
float8
date_found
detected_by
device_id
device_name
file_path
file_size
file_status
global_quarantined
last_found
md5
name
running
safelisted
sha256
signed
state
sub_classification
unique_to_cylance
ip
mac
related_ips
related_ip
ip4
related_ip_count
related_macs
related_mac
related_mac_count
edr.blackberry.cylance.optics_detections
edr.blackberry.cylance.optics_detections_rules
edr.blackberry.cylance.optics_detections_exceptions
edr.blackberry.cylance.devices
Id
ActivationTime
AppliedExceptions
ArtifactsOfInterest__UnsignedProc
Detector__Name
Detector__Version
Device__CylanceId
Device__Name
Device__IpAddresses
Device__LoggedOnUsers
Name
ObjectType
OccurrenceTime
Product__Name
Product__Version
PhoneticId
ReceivedTime
SchemaVersion
Severity
SeveritySortLevel
Status
StatusSortLevel
TenantId
Trace
detection_rule_Name
detection_rule_Id
detection_rule_PolicyGroup
detection_rule_Version
detection_rule_ObjectType
--
detection_rule_Description
detection_rule_Category
related_zone_id
AssociatedArtifacts
DetectionRule__Name
DetectionRule__Id
DetectionRule__PolicyGroup
DetectionRule__Version
DetectionRule__ObjectType
DetectionRule__Description
DetectionRule__Category
detector_Name
detector_Version
device_CylanceId
device_Name
device_IpAddresses
device_LoggedOnUsers
product_Name
product_Version
related_zone_ids
related_zone_id_count
MaximumConcurrentActivations
ActivationLifetimeLimit
TerminateActiveDfaIfActivatingProcessesEnd
ActivationCanUtilizeDeviceStateEvents
AllowMultipleActivationsPerContext
OperatingSystems
States
Paths
Version
Description
Tags
RuleSource
RuleSourceGrouping
Plugin__Name
NotValidBefore
NotValidAfter
RulesetCount
LastModified
Category
DeviceCount
ModifiedBy__login
ModifiedBy__id
plugin_Name
PolicyCount
host_name
os_version
os_kernel_version
last_logged_in_user
update_type
update_available
background_detection
is_safe
date_first_registered
date_offline
date_last_modified
distinguished_name
dlcm_status
days_to_deletion
related_products
product
related_ip4
ip4(related_ip_str)
related_ip_str
related_ip6
ip6
ip6(related_ip_str)
product_name
product_version
product_status