CylanceAVERT events
Data exfiltration events are saved and listed on the CylanceAVERT events page. CylanceAVERT events are stored in the events list for 30 days. When a data exfiltration event occurs, a new list item will be added to the events list displaying the following information:
| Item | Description |
|---|---|
|
Detection Time |
This is the date and time that the exfiltration event occurred. |
|
Device |
This is the device name of the device where the exfiltration event was found. |
|
User |
This is the first name, last name, email, department, and title of the user who committed the exfiltration event. You can click the link to view the user details page. |
|
Activity |
This is the type of activity that CylanceAVERT tagged as a data exfiltration event. The possible values are web, email, and USB. |
|
Location |
This is the location that the sensitive data was uploaded to. The value of this is dependent on the type of upload that occurred (website root domain, email domains and recipients, location of copied USB files). |
|
Files |
This is the number of files involved in the event. You can click the link to view the file details page. Multiple files may be associated with an exfiltration event. |
|
Policy |
This is the number of CylanceAVERT user policies that were violated. Multiple policies may be associated with an exfiltration event. |
|
Data Type |
This is the number of keyword or regular expression that were met to trigger the CylanceAVERT event. |