# Cylance Logs

## Overview

**Evidence:** Cylance Logs\
**Description:** Collect Cylance Logs\
**Category:** Applications\
**Platform:** windows\
**Short Name:** cylncl\
**Is Parsed:** No\
**Sent to Investigation Hub:** No\
**Collect File(s):** Yes

## Background

CylancePROTECT (now BlackBerry Protect) is an AI-powered endpoint security solution that uses machine learning for threat prevention. It maintains desktop logs, checkpoint files (chp), status information, and Optics EDR logs for comprehensive security monitoring.

## Data Collected

This collector gathers structured data about Cylance logs.

## Collection Method

This collector gathers Cylance logs from multiple locations, including Desktop application logs, checkpoint files, status JSON, and Optics EDR logs from both Program Files and ProgramData directories.

## Forensic Value

Cylance logs provide AI-based threat detections, machine learning analysis results, checkpoint data for threat prevention, and EDR visibility through Optics. They're essential for investigating advanced threats and understanding AI-detected malware.
