Skip Navigation

View focus data

Focus data allows you to visualize and analyze the chain of events, and the associated artifacts and facets of those events, that resulted in a piece of malware or another security threat on a device. Focus data is retained for 30 days.
For devices with
Optics
agent 2.x and earlier, the console can retrieve focus data only from devices that are online. For devices with agent 3.0 and later, devices do not need to be online because the console can retrieve the latest data available in the
Optics
cloud database.
If you want to enable the automatic upload of focus data for devices to the console, turn on these options in the device policy (see Enable and configure Optics). If you do not select this option, you must use the console to manually request focus data.
  1. Do any of the following:
    Task
    Steps
    View focus data from device details.
    1. In the management console, on the menu bar, click
      Devices
      .
    2. Click a device and review the
      Threats & Activities
      section.
    3. If you did not enable the automatic upload of focus data, for a threat or event, click
      Request Data
      .
    4. Click
      View Data
      .
    View focus data from an InstaQuery.
    To create a new InstaQuery, see Create an InstaQuery.
    1. In the management console, on the menu bar, click
      CylanceOPTICS > InstaQuery > Previous Queries
      .
    2. For an InstaQuery, click
      View Results
      .
    3. For a result, click
      Actions > Request Focus Data
      .
    4. Click
      View Focus Data
      .
    View focus data from a master list.
    1. In the management console, on the menu bar, click
      CylanceOPTICS > Focus Data
      .
      The list includes the focus data that was previously requested by an administrator or automatically uploaded to the console.
    2. For an artifact or event, click
      View Focus
      .
  • Some artifacts or facets in the focus data may include a
    Create InstaQuery
    option to retrieve more information. This is known as a pivot query. The artifact or facet properties are prepopulated, you only need to specify the appropriate zones. The pivot query results are then available with the associated focus data.
  • If you want to export focus data to a .csv file, click the table view icon, then click the Export icon.