Cylance Offline Mode Monitoring

Question

We are looking to try to utilize LM and monitor whether Cylance is running in offline mode on a Windows server. Our SOC was able to determine that if it switches to offline mode (which can happen without the NIC going down), it adds a registry entry:

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Cylance\Desktop\VenueStatus

Ideally we’d like to monitor for IF that registry item exists and when it does see it, it would send us an alert. I’m assuming this could be done through some PS scripting. But I’m not sure how to have that data interpreted into a usable data or event source in LM.

Would appreciate any help you guys can offer here.

aarkkelin · Answer

I’m now realizing this is probably the wrong topic section for this question. Sorry! I’ll re-post in Product Discussion.

stuart_weenig · Answer

Yeah, just write a PS script using remoting to check if that registry exists and return either a 0 or 1.

Forum Discussion

Cylance Offline Mode Monitoring

2 Replies

Related Content

Cylance Offline Mode

Process monitoring (Linux)

Process Monitoring

Meraki monitoring within Logic Monitor

Aruba Central Monitoring?

Recent Discussions

Nice little hint! with LM Config

Info and Overview resource tabs

Linux collectors for Windows servers

Collectors: Open Telemetry vs. LM Collector

Issues with Set-LMWebsiteGroup