What is CylanceOPTICS?
CylanceOPTICS operates by deploying sensors into the endpoint's operating system at various levels and against various subsystems to collect a diverse set of information. It then aggregates that information into a localized data store to track, alert upon, and respond to complex malicious situations as they unfold.
CylanceOPTICS connects to a cloud-based analytics backend infrastructure through a lightweight communications network that enables users, using the Cylance Console, to command and query CylanceOPTICS in real time, against their local data store of forensic data.
CylanceOPTICS consists of the following components.
Endpoint Service - integrated with the endpoint agent of
The Endpoint Service is a .NET/Mono 4.5 service with native and managed sensors that observe, interpret, catalog, and provide interfaces into endpoint events.
The Communication Network is a mesh-like network bridging thousands of endpoints together with a communication management framework, delivering real time interaction and awareness.
Data Analytics Backend
The Data Analytics Backend is a highly scalable backend that delivers rich interpretations of endpoint data, as well as an API-first approach to endpoint management.
CylanceOPTICS Microsite in Management Console
The CylanceOPTICS microsite is an ever-evolving front-end delivering powerful views and capabilities from inside endpoints directly to security professionals.