Skip to content

Protect

Key facts

  • MSG Format based filter
  • None conformant legacy BSD Format default port 514
Ref Link
Splunk Add-on CyberArk https://splunkbase.splunk.com/app/3709/

Sourcetypes

sourcetype notes
syslog_protect Catchall
syslog_threat_classification None
syslog_audit_log None
syslog_exploit None
syslog_app_control None
syslog_threat None
syslog_device None
syslog_device_control None
syslog_script_control None
syslog_optics None

Index Configuration

key sourcetype index notes
cylance_protect syslog_protect epintel none
cylance_protect_auditlog syslog_audit_log epintel none
cylance_protect_threatclassification syslog_threat_classification epintel none
cylance_protect_exploitattempt syslog_exploit epintel none
cylance_protect_appcontrol syslog_app_control epintel none
cylance_protect_threat syslog_threat epintel none
cylance_protect_device syslog_device epintel none
cylance_protect_devicecontrol syslog_device_control epintel none
cylance_protect_scriptcontrol syslog_protect epintel none
cylance_protect_scriptcontrol syslog_script_control epintel none
cylance_protect_optics syslog_optics epintel none