Cylance module in filebeat docs are mixed with RSA

The documentation for the cylance module in filebeats looks mixed up with RSA Netwitness.

In this documentation:

RSA fields are referenced: var.rsa_fields

And the link to exported fields also are mainly RSA fields, not cylance fields:

I wanted to confirm if others see the same thing and I wasn't sure where to post a documentation bug.

I agree it looks a bit weird, but currently there are not cylance fields defined, so indeed you can see only RSA fields. Feel free to open an enhancement issue for Beats. Thanks!

I have cylance and we're loading it into elastic. Is there a way I can be helpful in proposing the schema for cylance based on our data? I'm not too familiar with beats code, is there a place where there is a mapping table or regex (or grok) and I can compare it with our data?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.