CylanceThreatAlert
ID: 100010
Description:
Cylance Threat Alert
Repository: Group: Cylance Type: event
Default Status:
Enabled
| Tags: |
|---|
| Cylance |
Selector:
Query:
Filters:
| Field | MUST hit |
|---|---|
| @cylance.EventType | Threat |
| @event_type | @cylance |
| Field | MUST NOT hit |
|---|---|
| @cylance.ThreatClassification | Trusted - Local |
Behavior Rule:
| Key | Type | Behavior Category |
|---|---|---|
| @cylance.DeviceName | asset | security alert |
Risks:
| Risks | Base Score | Dimension |
|---|---|---|
| ALERT_END_POINT | 800 | alert |
| ALERT_HIGH_CONFIDENCE | 2000 | alert |
Attributes:
| Alias | Key |
|---|---|
| Hostname | @cylance.DeviceName |
| DeviceID | @cylance.DeviceId |
| FileName | @cylance.FileName |
| FilePath | @cylance.Path |
| Status | @cylance.Status |
| CylanceScore | @cylance.CylanceScore |
| Classification | @cylance.ThreatClassification |
| IPAddress | @cylance.IPAddress |
| FileType | @cylance.FileType |
| MD5 | @cylance.MD5 |
| SHA256 | @cylance.SHA256 |
| Policy | @cylance.PolicyName |
| DetectedBy | @cylance.DetectedBy |
| EventName | @cylance.EventName |
| Customer | @facility |
Correlation Rules:
First Occurrence:
| Name | Window | Fields |
|---|---|---|
| NewAlert | 10 days | @cylance.ThreatClassification |
| Risks: | ML_NEW_ALERT | |
| NewAsset | 10 days | @cylance.DeviceId |
| Risks: | ML_NEW_ASSET |
History:
| User | Date |
|---|---|
| je*y@fortify24x7.com | 2021 Mar 8 12:05:04 EST |
This page was automatically created/formatted on Wed, 2022 May 4 21:43:53 EDT, from rule_dump.json (4d88bffdfb1cea26b3985f2193033606)