Cylance Logs

Overview

Evidence: Cylance Logs
Description: Collect Cylance Logs
Category: Applications
Platform: windows
Short Name: cylncl
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes

Background

CylancePROTECT (now BlackBerry Protect) is an AI-powered endpoint security solution that uses machine learning for threat prevention. It maintains desktop logs, checkpoint files (chp), status information, and Optics EDR logs for comprehensive security monitoring.

Data Collected

This collector gathers structured data about Cylance logs.

Collection Method

This collector gathers Cylance logs from multiple locations including Desktop application logs, checkpoint files, status JSON, and Optics EDR logs from both Program Files and ProgramData directories.

Forensic Value

Cylance logs provide AI-based threat detections, machine learning analysis results, checkpoint data for threat prevention, and EDR visibility through Optics. They're essential for investigating advanced threats and understanding AI-detected malware.
