Skip Navigation

Detecting and responding to events

Optics
uses the Context Analysis Engine (CAE) to analyze and correlate events as they occur on devices in near real-time. The CAE logic is stored locally on the device, which allows the
Optics
agent to monitor and track malicious or suspicious activity even if the device is not connected to the
Optics
cloud services. You can configure
Optics
to take automated response actions when the CAE identifies certain artifacts of interest, providing an additional layer of threat detection and prevention to complement the capabilities of
Protect Desktop
.
You can customize the detection capabilities of
Optics
to suit the needs of your organization. You can create detection rule sets with your desired configuration of detection rules and responses, you can clone and modify existing detection rules or create your own custom rules, and you can create detection exceptions to exclude specific artifacts from detection.