2_ds_blackberry_blackberry_protect.md

Use-Case	Event Types/Parsers	MITRE ATT&CK® TTP	Content
Compromised Credentials	app-activity ↳s-cylance-app-activity app-login ↳s-cylance-app-activity process-alert ↳cylance-process-alert security-alert ↳cylance-security-alert ↳cylance-alert ↳cef-cylance-alert ↳cylance-security-alert-1 ↳cylance-alert-2 ↳cylance-alert-1 ↳cylance-alert-3 ↳cylance-protect-security-alert	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application TA0002 - TA0002	72 Rules 36 Models
Lateral Movement	app-activity ↳s-cylance-app-activity app-login ↳s-cylance-app-activity security-alert ↳cylance-security-alert ↳cylance-alert ↳cef-cylance-alert ↳cylance-security-alert-1 ↳cylance-alert-2 ↳cylance-alert-1 ↳cylance-alert-3 ↳cylance-protect-security-alert	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1090.003 - Proxy: Multi-hop Proxy	5 Rules
Malware	app-activity ↳s-cylance-app-activity app-login ↳s-cylance-app-activity dlp-alert ↳cylance-dlp-alert file-alert ↳cylance-protect-file-alert process-alert ↳cylance-process-alert security-alert ↳cylance-security-alert ↳cylance-alert ↳cef-cylance-alert ↳cylance-security-alert-1 ↳cylance-alert-2 ↳cylance-alert-1 ↳cylance-alert-3 ↳cylance-protect-security-alert	T1053.003 - T1053.003 T1078 - Valid Accounts T1190 - Exploit Public Fasing Application T1562.004 - Impair Defenses: Disable or Modify System Firewall TA0002 - TA0002	33 Rules 10 Models
Privileged Activity	app-activity ↳s-cylance-app-activity app-login ↳s-cylance-app-activity file-alert ↳cylance-protect-file-alert security-alert ↳cylance-security-alert ↳cylance-alert ↳cef-cylance-alert ↳cylance-security-alert-1 ↳cylance-alert-2 ↳cylance-alert-1 ↳cylance-alert-3 ↳cylance-protect-security-alert	T1068 - Exploitation for Privilege Escalation T1078 - Valid Accounts	4 Rules 1 Models