The Cylance App enables you to analyze Cylance security events by type, status, and detection method. You can use the App to investigate Cylance-specific events and provide operational visibility to team members without logging into Cylance.
Cylance applies artificial intelligence, algorithmic science, and machine learning to cyber security, and provides visibility to their service through integrations with a central security analytics platform like Sumo Logic. By combining the threat events data from Cylance and other data sources, you can reduce your security risk and improve your overall security posture.
The Sumo Logic App for Cylance uses the supports the following event and log types:
- Device (Device Mgmt - Register, Remove, Updates, SystemSecurity)
- Threat (Threats identified and actioned)
- ScriptControl (Script Execution control and actions)
- ExploitAttempt (Memory Protection)
- Threat Classification (Threat classification by Cylance research team)
- AuditLog (User Actions performed from Cylance Web Console)
- DeviceControl (Control external device like USB, storage connected to system under monitoring)
For details on the format and definitions, refer to Cylance documentation.