CylancePROTECT

Applies To: CylancePROTECT

Overview

CylancePROTECT is an integrated threat prevention solution that combines the power of artificial intelligence (AI) to block malware infections with additional security controls that safeguard against script-based, fileless, memory-based, and external-device-based attacks. EventTracker can generate flex reports and trigger alerts for user logon activity, configuration changes, device activity, exploitation attempts and threat detection.

EventTracker Knowledge Pack for CylancePROTECT allows you to monitor the following components:

- Security – Threat detection, script execution and exploitation attempts.
- Operation – Configuration changes and device activities.
- Compliance – User logon success.

Once CylancePROTECT is configured to deliver events to EventTracker Manager, alerts, dashboards and reports can be configured in EventTracker. Some of the Knowledge Packs available in EventTracker are listed below. For more information, please refer to the Integration Guide.

Security

Alerts

- Cylance: Threat detection - This category provides information related to threats detected on agent systems.
- Cylance: Exploitation attempt - This category provides information related to memory exploitations detected on agent systems.
- Cylance: Script execution - This category provides information related to scripts executed by users.

Reports

- Cylance - Threat detection - This report gives information about all the threats detected by CylancePROTECT.
- Cylance - Exploitation attempt - This report gives information about memory exploitations detected by CylancePROTECT.
- Cylance - Script execution - This report gives information about scripts executed by the users.

Operation

Reports

- Cylance - Configuration changes - This report gives information about device configuration changes made by users.
- Cylance - Device activities - This report gives information about device activity in agent systems.
Compliance

Alerts

- Cylance: User logon succeeded - This alert is generated when a successful user logon happens.

Reports

- Cylance: User logon - This report gives information about successful user logons.

Scope

The configurations detailed in this guide are consistent with EventTracker version 8.x and later and CylancePROTECT.

Documentation

For more information, please refer to the CylancePROTECT Integration guide.