Hi,
I need to use the Cylance Protect syslog data in Enterprise Security.
Has anyone used this data in an ES context? What data models does the data map to, and are any additional field extractions required?
Just an FYI - I'm receiving the following Cylance Protect sourcetypes. The Cylance TA and App are able to parse and display data and information respectively.
syslog_audit_log
syslog_device
syslog_script_control
Any pointers/directions are appreciated!
Best Regards,
Shreedeep Mitra.