Cylance Logs
Overview
Evidence: Cylance Logs
Description: Collect Cylance Logs
Category: Applications
Platform: windows
Short Name: cylncl
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
CylancePROTECT (now BlackBerry Protect) is an AI-powered endpoint security solution that uses machine learning for threat prevention. It maintains desktop logs, checkpoint files (chp), status information, and Optics EDR logs for comprehensive security monitoring.
Data Collected
This collector gathers the Cylance log files described below. It collects the files themselves rather than parsing them (Is Parsed: No).
Collection Method
This collector gathers Cylance logs from multiple locations, including Desktop application logs, checkpoint files, the status JSON, and Optics EDR logs, from both the Program Files and ProgramData directories.
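As an added example (not part of this page or the collector's own code), the following PowerShell script performs the same kind of collection by hand: it copies the Cylance Desktop, checkpoint, status and Optics artifacts into an evidence folder and writes a SHA-256 manifest with the original timestamps. Every source path is an assumption based on a default CylancePROTECT/Optics install and must be verified on the host.

```powershell
# Added example: manual collection of Cylance artifacts with a SHA-256 manifest.
# All source paths below are ASSUMPTIONS (default CylancePROTECT / Optics layout);
# confirm them on the host being examined before relying on the output.
param(
    [string]$Destination = "C:\Evidence\cylncl"
)

$sources = @(
    "$env:ProgramFiles\Cylance\Desktop\log",   # assumed: Desktop application logs
    "$env:ProgramData\Cylance\Desktop\chp",    # assumed: checkpoint (chp) files
    "$env:ProgramData\Cylance\Status",         # assumed: Status.json
    "$env:ProgramData\Cylance\Optics\Log"      # assumed: Optics EDR logs
)

New-Item -ItemType Directory -Path $Destination -Force | Out-Null
$records = @()

foreach ($src in $sources) {
    if (-not (Test-Path -LiteralPath $src)) {
        # A missing location is itself a finding (product not installed, or tampering).
        Write-Warning "Not present on this host: $src"
        continue
    }
    Get-ChildItem -LiteralPath $src -File -Recurse -Force | ForEach-Object {
        # Mirror the source tree under the destination so provenance stays obvious.
        $relative = $_.FullName -replace '^[A-Za-z]:\\', ''
        $target   = Join-Path $Destination $relative
        New-Item -ItemType Directory -Path (Split-Path $target) -Force | Out-Null
        try {
            # Hash the ORIGINAL file, not the copy, so the manifest reflects the source.
            $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            Copy-Item -LiteralPath $_.FullName -Destination $target -Force
            $status = "ok"
        } catch {
            # Files held open by the Cylance service may fail to copy; record that.
            $hash = ""; $status = "error: $($_.Exception.Message)"
        }
        # A Windows copy keeps LastWriteTime but resets CreationTime, so record both.
        $records += [pscustomobject]@{
            Source         = $_.FullName
            SizeBytes      = $_.Length
            CreationUtc    = $_.CreationTimeUtc.ToString("o")
            LastWriteUtc   = $_.LastWriteTimeUtc.ToString("o")
            Sha256         = $hash
            Status         = $status
        }
    }
}

$manifest = Join-Path $Destination "manifest.csv"
$records | Export-Csv -Path $manifest -NoTypeInformation
Write-Host ("Collected {0} file(s); manifest written to {1}" -f $records.Count, $manifest)
```

Run it from an elevated prompt, since the Cylance directories under ProgramData are normally readable only by administrators and SYSTEM.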
Forensic Value
Cylance logs provide AI-based threat detections, machine learning analysis results, checkpoint data for threat prevention, and EDR visibility through Optics. They are essential for investigating advanced threats and understanding AI-detected malware.