Skip Navigation

Create an InstaQuery

  1. In the management console, on the menu bar, click
    CylanceOPTICS > InstaQuery
    .
  2. Do one of the following:
    Task
    Steps
    Create a new InstaQuery
    If you want to clone a previous query, expand the
    Previous Queries
    section, find the query, and click
    Clone Query
    .
    1. In the
      Search Term
      field, type a value that you want to search for (for example, a file name, hash, process, registry value, and so on). If you want to search for an exact match, select the
      Exact Matching
      check box.
    2. In the
      Artifact
      drop-down list, click an artifact type.
    3. In the
      Facet
      drop-down list, click the appropriate facet.
    4. In the
      Zone
      drop-down list, select one or more zones.
    5. Type a name and description for the query.
    6. Click
      Submit Query
      .
    7. The current status of the query is displayed in the
      Previous Queries
      section. When the query is complete, click
      View Results
      .
    View a previous InstaQuery
    1. Expand the
      Previous Queries
      section.
    2. For the query that you want to view, click
      View Results
      .
  3. In the
    InstaQuery Results
    section, you can expand the
    Actions
    menu to access the available actions for each result. Depending on the type of result, this can include:
    • Globally quarantine a file. The file is displayed in
      Settings > Global List > Global Quarantine
      , in
      Protection > Threats
      , in the
      Threats
      section of the device details.
    • Request and download a file. If path information is available for files associated with other artifact types, you can also download those files. The file is compressed and password-protected to ensure that it is not accidentally executed. The password is “infected”.
      The size limit for file retrieval is 50 MB. Artifacts and files are retained by
      Optics
      for 30 days (this period can be increased based on your organization's licensing).
  4. To view the InstaQuery facet breakdown, in the
    InstaQuery Results
    section, click the facet breakdown icon.