Detecting and responding to events
Optics uses the Context Analysis Engine (CAE) to analyze and correlate events as they occur on devices in near real-time. The CAE logic is stored locally on the device, which allows the Optics agent to monitor and track malicious or suspicious activity even if the device is not connected to the Optics cloud services. You can configure Optics to take automated response actions when the CAE identifies certain artifacts of interest, providing an additional layer of threat detection and prevention to complement the capabilities of
You can customize the detection capabilities of Optics to suit the needs of your organization. You can create detection rule sets with your desired configuration of detection rules and responses, you can clone and modify existing detection rules or create your own custom rules, and you can create detection exceptions to exclude specific artifacts from detection.