Cylance Offline Mode Monitoring

Question

We are looking to try to utilize LM and monitor whether Cylance is running in offline mode on a Windows server. Our SOC was able to determine that if it switches to offline mode (which can happen without the NIC going down), it adds a registry entry:

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Cylance\Desktop\VenueStatus

Ideally we’d like to monitor for IF that registry item exists and when it does see it, it would send us an alert. I’m assuming this could be done through some PS scripting. But I’m not sure how to have that data interpreted into a usable data or event source in LM.

Would appreciate any help you guys can offer here.

aarkkelin · Answer

I’m now realizing this is probably the wrong topic section for this question. Sorry! I’ll re-post in Product Discussion.

anonymous · Answer

Yeah, just write a PS script using remoting to check if that registry exists and return either a 0 or 1.

Forum Discussion

Cylance Offline Mode Monitoring

Related Content

Cylance Offline Mode

Process Monitoring

Meraki monitoring within Logic Monitor

Process monitoring (Linux)

Aruba Central Monitoring?

Recent Discussions

Change roles without email notification?

ConfigSource for Linux Files.

Module Toolbox AppliesTo IDE

Non-Admin Collector install

UIv4 - Report Permission Bug