Cylance Offline Mode
We are looking to try to utilize LM and monitor whether Cylance is running in offline mode on a Windows server. Our SOC was able to determine that if it switches to offline mode (which can happen without the NIC going down), it adds a registry entry: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Cylance\Desktop\VenueStatus Ideally we’d like to monitor for IF that registry item exists and when it does see it, it would send us an alert. I’m assuming this could be done through some PS scripting. But I’m not sure how to have that data interpreted into a usable data or event source in LM. Would appreciate any help you guys can offer here!
Cylance Offline Mode Monitoring
We are looking to try to utilize LM and monitor whether Cylance is running in offline mode on a Windows server. Our SOC was able to determine that if it switches to offline mode (which can happen without the NIC going down), it adds a registry entry: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Cylance\Desktop\VenueStatus Ideally we’d like to monitor for IF that registry item exists and when it does see it, it would send us an alert. I’m assuming this could be done through some PS scripting. But I’m not sure how to have that data interpreted into a usable data or event source in LM. Would appreciate any help you guys can offer here.