Cybereason Logs
Overview
Evidence: Cybereason Logs
Description: Collect Cybereason Logs
Category: Applications
Platform: windows
Short Name: cybrsls
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
Cybereason is an EDR platform that monitors endpoint behavior and logs malicious operations. It uses multiple components (crs1, apv2, crb1) that each maintain separate log directories for different monitoring functions.
Data Collected
This collector gathers structured data about Cybereason logs.
Collection Method
This collector gathers logs from multiple Cybereason components including the sensor (crs1), anti-ransomware (apv2), and behavioral analysis (crb1) modules, plus text configuration files.
Forensic Value
Cybereason logs provide comprehensive EDR visibility into malicious operations, behavioral detections, ransomware attempts, and system compromises. They're critical for investigating advanced threats and understanding attack chains.