Key features of CylanceOPTICS
Feature | Description |
---|---|
Analyze CylanceOPTICS data | You can use the management console to query the device data collected by the CylanceOPTICS agent to investigate security incidents and discover indicators of compromise. When CylanceOPTICS identifies a file as a potential threat, you can retrieve the file from the device for further analysis. InstaQuery allows you to interrogate a set of devices about a specific type of forensic artifact, so you can determine whether an artifact exists on devices and how common that artifact is. Advanced query is an evolution of InstaQuery that provides more granular search capabilities using EQL syntax to enhance your ability to identify threats. |
Visualize CylanceOPTICS data | You can use the following visualization features to assist your forensic analysis: |
Detect and respond to events | CylanceOPTICS uses the Context Analysis Engine (CAE) to analyze and correlate events as they occur on devices in near-real time. You can configure CylanceOPTICS to take automated response actions when the CAE identifies certain artifacts of interest (for example, display a notification or log off the current user), providing an additional layer of threat detection and prevention to complement the capabilities of CylancePROTECT Desktop. You can customize the detection capabilities of CylanceOPTICS to suit your organization's needs: you can create detection rule sets with your desired configuration of rules and responses, you can clone and modify existing detection rules or create your own custom rules, and you can create detection exceptions to exclude specific artifacts from detection. |
Deploy packages to collect data | You can use the package deploy feature to remotely and securely run a process (for example, a Python script) on CylanceOPTICS devices to collect and store desired data in a specified location for further analysis. For example, you can run a process to collect browser data. You can use the CylanceOPTICS data collection packages that are available in the management console or you can create your own. |
Lock devices to isolate threats | You can lock an infected or potentially infected device, disabling its LAN and Wi-Fi network capabilities to stop command and control activity, the exfiltration of data, or the lateral movement of malware. Various lockdown options are available to suit your organization's needs. |
Send actions to devices | You can use the remote response feature to securely execute scripts and run commands on any CylanceOPTICS-enabled device directly from the management console, using a familiar command line interface. |
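The "Deploy packages to collect data" row describes running a process such as a Python script on a device to gather artifacts and store them in a specified location. The script below is an added illustration of what such a collection process can look like; it is not a BlackBerry CylanceOPTICS data collection package and says nothing about the package format the console expects. The directory layout, the file suffixes it selects, the output file name and the JSON field names are assumptions made for this example. It walks a source directory, records path, size, modification time and a SHA-256 hash for each matching file, keeps going when a file vanishes or cannot be read mid-collection, and writes the result as JSON into the output directory.

```python
"""Constructed example of a stand-alone artifact collection script.

Added illustration, not a CylanceOPTICS package from BlackBerry. The source
layout, selected suffixes, output file name and field names are assumptions.
"""
import hashlib
import json
import os
import platform
import sys
import time
from pathlib import Path


def sha256_of_file(path: Path, chunk_size: int = 1 << 16) -> str:
    """Hash a file in chunks so large artifacts never have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def collect_artifacts(source_dir: Path, suffixes=(".sqlite", ".json", ".log")) -> list:
    """Walk source_dir and record metadata plus a hash for each matching file.

    A file that disappears or cannot be read while the collection runs is
    recorded with an "error" field instead of aborting the whole collection,
    so one locked file does not cost the rest of the evidence.
    """
    records = []
    for root, _dirs, files in os.walk(source_dir):
        for name in files:
            path = Path(root) / name
            if path.suffix.lower() not in suffixes:
                continue
            record = {"path": str(path), "name": name}
            try:
                stat = path.stat()
                record["size"] = stat.st_size
                record["modified"] = time.strftime(
                    "%Y-%m-%dT%H:%M:%SZ", time.gmtime(stat.st_mtime))
                record["sha256"] = sha256_of_file(path)
            except OSError as exc:
                record["error"] = str(exc)
            records.append(record)
    return records


def write_collection(records: list, output_dir: Path, hostname: str) -> Path:
    """Store the collected records as JSON in the specified output directory."""
    output_dir.mkdir(parents=True, exist_ok=True)
    out_path = output_dir / f"{hostname}-collection.json"  # assumed naming
    payload = {
        "host": hostname,
        "collected_at": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
        "artifact_count": len(records),
        "artifacts": records,
    }
    out_path.write_text(json.dumps(payload, indent=2))
    return out_path


def run_collection(source_dir, output_dir, hostname=None) -> dict:
    """Collect from source_dir, write to output_dir and return a short summary."""
    hostname = hostname or platform.node()
    records = collect_artifacts(Path(source_dir))
    out_path = write_collection(records, Path(output_dir), hostname)
    return {
        "output": str(out_path),
        "artifact_count": len(records),
        "errors": sum(1 for r in records if "error" in r),
    }


if __name__ == "__main__":
    # Usage: python collect.py <source_dir> <output_dir>
    print(json.dumps(run_collection(sys.argv[1], sys.argv[2])))
```

The summary returned by `run_collection` is what an analyst would want to see first after a package run: how many artifacts were captured and how many were skipped with errors, with the full detail left in the JSON file written to the specified location.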