MALWARE_threat_detected_CylanceProtect_General
Event Details - Fields & Audit Sources
Event Name
MALWARE threat detected
SK4 Parsed Fields
Select field from core event
Shost
act
app
cat
cfp1
cfp2
cfp3
cfp4
cn1
cn2
cn3
cs1
cs2
cs3
cs4
cs5
cs6
destinationDnsDomain
destinationServiceName
destinationTranslatedAddress
device product
device vendor
device version
deviceAddress
deviceCustomDate1
deviceCustomDate2
deviceDirection
deviceDnsDomain
deviceExternalId
deviceFacility
deviceInboundInterface
deviceMacAddress
deviceNtDomain
deviceOutboundInterface
devicePayloadId
deviceProcessName
dhost
dmac
dntdom
dpid
dpriv
dproc
dpt
dst
dtz
duid
duser
dusuer
dvchost
dvcpid
end
externalID
fileHash
fileId
fileName
filePath
filePermission
fileType
flexString1
flexString2
fname
fsize
ftype
in
msg
name
oldFile
oldFileHash
oldFileId
oldFileName
oldFilePath
oldFileType
out
outcome
proto
reason
request
requestClientApplication
requestContext
requestCookies
requestMethod
severity
shost
signature ID
smac
sntdom
sourceDnsDomain
sourceServiceName
sourceTranslatedAddress
spid
spriv
sproc
spt
src
suid
suser
time
version
Select field type
SK4 Application Class
Event Specific
Enriched
Audit Sources
Select audit source used for this event
CylanceProtect API