How CylanceAVERT collects and uses data

For complete information about this product, see the Aurora Endpoint Security docs.

Item

Data collection and use

Collection of admin user data
Arctic Wolf collects and processes the following information about administrators to authenticate authorized administrators and deliver application alerts:
  • Username
  • First name
  • Last name
  • Email address

Collection of user account data
Arctic Wolf collects and processes the following information about user accounts to provide application functionality and support service delivery:
  • Username
  • User unique identifier
  • Display name
  • Email address
  • User title
  • User department

Collection of endpoint data
Arctic Wolf collects and processes the following information about the configuration of a device endpoint to provide application functionality and support service delivery:
  • Hostname
  • FQDN
  • IP addresses
  • OS type
  • OS version
  • Service packs
  • Application build
  • Client type
  • Processor type
  • Device unique identifier
  • Preferred language

Collection of sensitive file inventory data
Arctic Wolf collects and processes the following information from the file inventory to identify sensitive documents and provide the risk assessment:
  • File hashes
  • Name of document
  • Document unique identifier
  • File type
  • File size
  • Device unique identifiers
  • User with access to the file
  • Devices with access to the file
  • Name of the policy that was triggered

Collection of web browser exfiltration events
Arctic Wolf collects and processes the following information about web browser exfiltration events to mitigate potential data loss:
  • Date and time of the event
  • Name of the policy that was triggered
  • Client source
  • Application name
  • Machine learning model
  • Document name
  • File type
  • File hash
  • Document unique identifier
  • URL
  • Page title
  • File path
  • File last modified timestamp

Collection of email message exfiltration events
Arctic Wolf collects and processes the following information about email message exfiltration events to mitigate potential data loss:
  • Date and time of the event
  • Name of the policy that was triggered
  • Client source
  • Email client name and version
  • Document name
  • File type
  • File hash
  • Document unique identifier
  • Email subject line
  • Email recipients

Collection of local file transfer exfiltration events
Arctic Wolf collects and processes the following information about local file transfer exfiltration events to mitigate potential data loss:
  • Date and time of the event
  • Name of the policy that was triggered
  • Client source
  • Document name
  • File type
  • File hash
  • Document unique identifier
  • Document source
  • Document destination
  • Hostname
  • Device unique identifier
  • Username
  • User unique identifier
  • Email
  • Title
  • Department
  • File size
  • Number of policy violations

Collection of file snippets

Arctic Wolf collects samples of the specific text that triggers the information protection policy. Depending on the configuration of the customer’s information protection policies, the file snippet may contain sensitive information, including personal data.

This feature is disabled by default.

Collection of evidence files

Arctic Wolf collects the entire document which contains the text that triggered the customer’s information protection policy. Depending on the configuration of the customer’s information protection policies, the evidence file may contain sensitive information, including personal data.

This feature is disabled by default.

Collection of administrator login data
Arctic Wolf collects the login activity from the administrators or operators of customer tenant, including the following information:
  • Date and time
  • User unique identifier
  • Status
  • Account name

Data sharing or forward processing

Arctic Wolf uses the identified information to facilitate the performance of the End User License Agreement under which Arctic Wolf services and products are offered. This data is only shared with necessary third-party services needed to fulfill the intended purpose of these services.

Arctic Wolf will not sell, lease, or otherwise distribute this information beyond what is disclosed below.

Cross-border data transfers

CylanceAVERT customers select the geographic location for their tenant, which is where the personal data that is used to manage the customer’s service and the collected endpoint data is stored. Data is not transferred from the chosen customer’s tenant location to any other geography without customer instruction.

The data that is collected is stored in one of the following subprocessors:
  • Amazon Web Services; North America (United States)
  • Databricks: North America (United States)
  • MessageBird (email only): United States

Data retention

Personal data processed Data retention period

Administrator and user account information

Data is stored for the duration of the contract. A customer administrator can remove an individual user’s personal data or initiate a service removal request in the administrative console.

Data that is backed up is retained for 90 days after the conclusion of a service agreement.

Endpoint data

Data is stored for as long as a registered device is active.

Sensitive file inventory

Data about files is stored until the file is no longer detected within a customer’s environment, or for the duration of the contract.

Data that is backed up is retained for 90 days after the conclusion of a service agreement.

Detected exfiltration events: web browser, email, file operations

Data is stored for 30 days.

File snippets

Data is stored for 30 days.

Evidence files

A customer administrator can remove collected evidence files in the administrative console.

Customers can configure a policy to store files for either 30, 60, or 90 days. By default, evidence files are stored for 30 days.

Diagnostic information

Data is stored for 5 years.

Customer administrative login activity

Data is stored for 1 year.