Cybereason Logs

Overview

Evidence: Cybereason Logs
Description: Collect Cybereason Logs
Category: Applications
Platform: windows
Short Name: cybrsls
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes

Background

Cybereason is an EDR platform that monitors endpoint behavior and logs malicious operations. It uses multiple components (crs1, apv2, crb1) that each maintain separate log directories for different monitoring functions.

Data Collected

This collector gathers structured data about Cybereason logs.

Collection Method

This collector gathers logs from multiple Cybereason components including the sensor (crs1), anti-ransomware (apv2), and behavioral analysis (crb1) modules, plus text configuration files.

Forensic Value

Cybereason logs provide comprehensive EDR visibility into malicious operations, behavioral detections, ransomware attempts, and system compromises. They're critical for investigating advanced threats and understanding attack chains.
