...
Product / Services | Tags | Data tables |
|---|
Blackberry | edr.blackberry.cylance.devices
| edr.blackberry.cylance.devices
|
edr.blackberry.cylance.optics_detections
| edr.blackberry.cylance.optics_detections
|
edr.blackberry.cylance.optics_detections_rules
| edr.blackberry.cylance.optics_detections_rules
|
edr.blackberry.cylance.optics_detections_exceptions
| edr.blackberry.cylance.optics_detections_exceptions
|
edr.blackberry.cylance.policies
| edr.blackberry.cylance.policies
|
edr.blackberry.cylance.threats
| edr.blackberry.cylance.threats
|
edr.blackberry.cylance.users
| edr.blackberry.cylance.users
|
For more information, read more about Devo tags.
Table structure
These are the fields displayed in the tablethese tables:
| Rw ui tabs macro |
|---|
| Anchor |
|---|
| edr.blackberry.cylance.devices |
|---|
| edr.blackberry.cylance.devices |
|---|
|
edr.blackberry.cylance.devicesField | Type | Field transformation | Source field name | Extra fields |
|---|
eventdate | timestamp
| | | | hostname | str
| | | | id | str
| | | | name | str
| | | | host_name | str
| | | | os_version | str
| | | | os_kernel_version | str
| | | | state | str
| | | | agent_version | str
| | | | policy_id | str
| | | | last_logged_in_user | str
| | | | update_type | str
| | | | update_available | bool
| | | | background_detection | bool
| | | | is_safe | bool
| | | | date_first_registered | timestamp
| | | | date_offline | str
| | | | date_last_modified | timestamp
| | | | distinguished_name | str
| | | | dlcm_status | str
| | | | days_to_deletion | str
| | | | related_products | int4
| | | | product | str
| | | | ip | str
| | | | related_mac | str
| | | | policy_name | str
| | | | related_ips | int4
| | | | related_ip_count | int4
| | | | related_mac_count | int4
| | | | related_macs | int4
| | | | mac | str
| | | | related_ip4 | ip4
| | Code Block |
|---|
ip4(related_ip_str) |
| related_ip_str | | related_ip6 | ip6
| | Code Block |
|---|
ip6(related_ip_str) |
| related_ip_str | | product_name | str
| | | | product_version | str
| | | | product_status | str
| | | | at_devo_pulling_id | str
| | | | hostchain | str
| | | ✓ | tag | str
| | | ✓ | rawMessage | str
| | | ✓ |
| Anchor |
|---|
| edr.blackberry.cylance.optics_detections |
|---|
| edr.blackberry.cylance.optics_detections |
|---|
|
edr.blackberry.cylance.optics_detectionsField | Type | Extra fields |
|---|
eventdate | timestamp
| | hostname | str
| | Id | str
| | ActivationTime | timestamp
| | AppliedExceptions | str
| | ArtifactsOfInterest__UnsignedProc | str
| | Detector__Name | str
| | Detector__Version | str
| | Device__CylanceId | str
| | Device__Name | str
| | Device__IpAddresses | str
| | Device__LoggedOnUsers | str
| | Name | str
| | ObjectType | str
| | OccurrenceTime | timestamp
| | Product__Name | str
| | Product__Version | str
| | PhoneticId | str
| | ReceivedTime | timestamp
| | SchemaVersion | str
| | Severity | str
| | SeveritySortLevel | int4
| | Status | str
| | StatusSortLevel | int4
| | TenantId | str
| | Trace | str
| | detection_rule_Name | str
| | detection_rule_Id | str
| | detection_rule_PolicyGroup | str
| | detection_rule_Version | str
| | detection_rule_ObjectType | str
| | detection_rule_Description | str
| | detection_rule_Category | str
| | related_zone_id | str
| | zone_id | str
| | AssociatedArtifacts | str
| | DetectionRule__Name | str
| | DetectionRule__Id | str
| | DetectionRule__PolicyGroup | str
| | DetectionRule__Version | str
| | DetectionRule__ObjectType | str
| | DetectionRule__Description | str
| | DetectionRule__Category | str
| | detector_Name | str
| | detector_Version | str
| | device_CylanceId | str
| | device_Name | str
| | device_IpAddresses | str
| | device_LoggedOnUsers | str
| | product_Name | str
| | product_Version | str
| | related_zone_ids | int4
| | related_zone_id_count | int4
| | at_devo_pulling_id | str
| | hostchain | str
| ✓ | tag | str
| ✓ | rawMessage | str
| ✓ |
| Anchor |
|---|
| edr.blackberry.cylance.optics_detections_rules |
|---|
| edr.blackberry.cylance.optics_detections_rules |
|---|
|
edr.blackberry.cylance.optics_detections_rulesField | Type | Extra fields |
|---|
eventdate | timestamp
| | hostname | str
| | MaximumConcurrentActivations | int4
| | ActivationLifetimeLimit | str
| | TerminateActiveDfaIfActivatingProcessesEnd | bool
| | ActivationCanUtilizeDeviceStateEvents | bool
| | AllowMultipleActivationsPerContext | bool
| | OperatingSystems | str
| | States | str
| | Paths | str
| | ObjectType | str
| | Name | str
| | Id | str
| | Version | str
| | SchemaVersion | str
| | Description | str
| | Tags | str
| | RuleSource | str
| | RuleSourceGrouping | str
| | Severity | str
| | Plugin__Name | str
| | NotValidBefore | timestamp
| | NotValidAfter | timestamp
| | RulesetCount | int4
| | LastModified | timestamp
| | Category | str
| | DeviceCount | int4
| | ModifiedBy__login | str
| | ModifiedBy__id | str
| | product_Name | str
| | Product__Name | str
| | plugin_Name | str
| | at_devo_pulling_id | str
| | hostchain | str
| ✓ | tag | str
| ✓ | rawMessage | str
| ✓ |
| Anchor |
|---|
| edr.blackberry.cylance.optics_detections_exceptions |
|---|
| edr.blackberry.cylance.optics_detections_exceptions |
|---|
|
edr.blackberry.cylance.optics_detections_exceptionsField | Type | Extra fields |
|---|
eventdate | timestamp
| | hostname | str
| | ObjectType | str
| | Plugin__Name | str
| | Tags | str
| | OperatingSystems | str
| | SchemaVersion | str
| | States | str
| | Name | str
| | Description | str
| | Id | str
| | Version | str
| | RulesetCount | int4
| | LastModified | timestamp
| | PolicyCount | int4
| | DeviceCount | int4
| | ModifiedBy__login | str
| | ModifiedBy__id | str
| | product_Name | str
| | Product__Name | str
| | plugin_Name | str
| | at_devo_pulling_id | str
| | hostchain | str
| ✓ | tag | str
| ✓ | rawMessage | str
| ✓ |
| Anchor |
|---|
| edr.blackberry.cylance.policies |
|---|
| edr.blackberry.cylance.policies |
|---|
|
edr.blackberry.cylance.policiesField | Type | Field transformation | Source field name | Extra fields |
|---|
eventdate | timestamp
| | | | hostname | str
| | | | memoryviolation_actions__memory_violations_ext_v2 | str
| | | | memoryviolation_actions__memory_violations | str
| | | | memoryviolation_actions__memory_violations_ext | str
| | | | memoryviolation_actions__memory_exclusion_list | str
| | | | memoryviolation_actions__memory_exclusion_list_v2 | str
| | | | filetype_actions__suspicious_files | str
| | | | filetype_actions__threat_files | str
| | | | checksum | str
| | | | file_exclusions | str
| | | | policy_name | str
| | | | script_control_v2 | str
| | | | policy | str
| | | | policy_id | str
| | | | policy_utctimestamp | str
| | | | device_count | int4
| | | | zone_count | int4
| | | | date_added | timestamp
| | Code Block |
|---|
parsedate(date_added_str, dateformat("YYYY-MM-DD[T]HH:mm:ss.SSSSSSS", "UTC")) |
| date_added_str | | date_modified | timestamp
| | Code Block |
|---|
parsedate(date_modified_str, dateformat("YYYY-MM-DD[T]HH:mm:ss.SSSSSSS", "UTC")) |
| date_modified_str | | log_policy_retentiondays | str
| | | | log_policy_log_upload | str
| | | | log_policy_maxlogsize | str
| | | | related_policys | int4
| | | | policy_value | str
| | | | related_policy_count | int4
| | | | at_devo_pulling_id | str
| | | | hostchain | str
| | | ✓ | tag | str
| | | ✓ | rawMessage | str
| | | ✓ |
| Anchor |
|---|
| edr.blackberry.cylance.threats |
|---|
| edr.blackberry.cylance.threats |
|---|
|
edr.blackberry.cylance.threatsField | Type | Extra fields |
|---|
eventdate | timestamp
| | hostname | str
| | agent_version | str
| | auto_run | bool
| | av_industry | str
| | cert_issuer | str
| | cert_publisher | str
| | cert_timestamp | timestamp
| | classification | str
| | cylance_score | float8
| | date_found | timestamp
| | detected_by | str
| | device_id | str
| | device_name | str
| | file_path | str
| | file_size | int4
| | file_status | str
| | global_quarantined | bool
| | last_found | timestamp
| | md5 | str
| | name | str
| | policy_id | str
| | running | bool
| | safelisted | bool
| | sha256 | str
| | signed | bool
| | state | str
| | sub_classification | str
| | unique_to_cylance | bool
| | ip | str
| | mac | str
| | related_ips | int4
| | related_ip | ip4
| | related_ip_count | int4
| | related_macs | int4
| | related_mac | str
| | related_mac_count | int4
| | at_devo_pulling_id | str
| | hostchain | str
| ✓ | tag | str
| ✓ | rawMessage | str
| ✓ |
| Anchor |
|---|
| edr.blackberry.cylance.users |
|---|
| edr.blackberry.cylance.users |
|---|
|
edr.blackberry.cylance.usersField | Type | Extra fields |
|---|
eventdate | timestamp
| | hostname | str
| | id | str
| | tenant_id | str
| | first_name | str
| | last_name | str
| | email | str
| | cur_id | str
| | eeco_id | str
| | has_logged_in | bool
| | role_type | str
| | role_name | str
| | default_zone_role_type | str
| | default_zone_role_name | str
| | date_last_login | timestamp
| | date_email_confirmed | timestamp
| | date_created | timestamp
| | date_modified | timestamp
| | related_zones | int4
| | zone | str
| | zone_id | str
| | zone_role_type | str
| | zone_role_name | str
| | related_zone_count | int4
| | at_devo_pulling_id | str
| | hostchain | str
| | tag | str
| | rawMessage | str
| |
|
