Cylance Graylog Content Pack

dscryber · March 7, 2022, 9:51pm

@bensooter

This content pack adds an input and extractors for handling the syslog feed from Cylance PROTECT

Required Graylog version: 2.0.0 and later

Includes

Input Cylance Syslog (Syslog TCP 6514)
GROK Pattern - DATESTAMP2: Allows the DATESTAMP function to capture AM/PM.
Multiple extractors to handle the various Cylance message formats that can come in.

Cylance PROTECT configured to send syslog TCP data to Graylog on port 6514.

Topic		Replies	Views
GraySquid for Graylog Content Pack content-pack	0	1188	March 8, 2022
Heroku for Graylog Content Pack content-pack	0	623	March 8, 2022
Graylog-generic-syslog Content Pack content-pack	3	4783	December 13, 2022
NGINX Syslog for Graylog Content Pack content-pack	0	3710	March 9, 2022
Cisco FirePOWER GROK Extractors for Graylog Other Solutions other_solutions	0	1101	March 15, 2022