View and manage detections
You can use the management console to view and analyze the events detected by the CAE. From the detections dashboard, you can see trends in events over varying timeframes and the severity of different detections, and you can access detailed information for each detection.
- In the management console, on the menu bar, click CylanceOPTICS > Detections.
- Do any of the following:
  - Change the scope of the detections data.
    - Click the Detections Over Time drop-down list and select the desired scope.
  - Include or exclude detections of different priority levels.
    - The graph provides a count of informational, low, medium, and high priority events. Click any of the counts to exclude those events from the detections data. Click the same item again to include it in the data.
  - View the details and artifacts of interest for a detection.
    - Click View. Depending on the artifacts associated with the detection, you may be able to select different actions (for example, you can download a file, quarantine a file, view focus data, create a detection exception, and so on). You can click the Detection Notes section to add notes relevant to your analysis.
  - Lock down the device associated with a detection.
    - In the Actions drop-down list, click Lockdown Device.
    - Select a lockdown period.
    - Click Confirm Lockdown.
    - For more information, see Lock a device.
  - Export detection details to a JSON file.
    - In the Actions drop-down list, click Export Data.
  - Set the status of a detection event. Do any of the following:
    - Click the Status drop-down list for a detection and select the appropriate status. If you select False Positive, you are prompted for how you want to handle duplicate detections. Select the appropriate option and click Save.
    - Select one or more detections and click Select Action > Change Status. Select the appropriate status and click Confirm.
  - Delete one or more detections.
    - Select the detections and click Select Action > Delete Detection. Click Confirm Delete.