What is CylanceOPTICS?
- Architecture overview
- How it works
Cylance requirements
- Operating system requirements
- Hardware requirements
- Virtual machines
- Browsers supported
- Additional requirements
- Network
- Firewall
- Proxy
Download CylanceOPTICS from the Application page
Windows Installation
- Directory Locations - Windows
- Windows Services
- Windows Command Line Options
macOS Installation
- Directory Locations - macOS
- macOS Secure Kernel Extension Loading
- macOS Command Line Options
Linux Installation
- Install RHEL/CentOS, SUSE, or Amazon Linux 2
- Install Ubuntu
- Software Requirements - Linux
- Directory Locations - Linux
- Stop or Start the Linux Service
- Things to Know About the Linux Agent
Uninstalling CylanceOPTICS
- Uninstall Windows using Add/Remove Programs
- Uninstall Windows using the Command Line
- Uninstall macOS
- Uninstall Linux
Upgrading to v2.5
Edit a Policy
- Configurable Sensor Descriptions
- Things to Know about the Optics Policy
Devices
- Device Drawer
- Export device list
- Device export descriptions
- Device details page
File Download History
Role Management
Using InstaQuery
- InstaQuery Capabilities Descriptions
- Start an InstaQuery
- View InstaQuery Results and Previous Queries
- Global Quarantine
- Download File
- Export InstaQuery list
- InstaQuery export descriptions
- InstaQuery Facet Breakdown
- InstaQuery Troubleshooting
- InstaQuery Results Descriptions
Focus Data
- About Focus Data
- Threats and Activities
- Export Historical List View
- Pivot Queries
Detections
- Detection Environment Overview
- First Time Using Detection Rule Sets
- Detection Tab
  - Detection Status Event
  - Delete Detection Events
- Detection Details Page
- Use Detection Rule Sets
  - Apply a Detection Rule Set to a Policy
  - Descriptions for Detection Rule Set Options
- Custom Rules
- Detection Exceptions
- False Positive Detections
  - Changing the Status on the Detections Page
  - Changing the Status on the Detection Details Page
- Detection Rule Set Best Practices
- Package Playbook
Locking Down an Endpoint
- Lockdown an Endpoint
- Unlock an Endpoint
Remote Response
- Why Remote Response is not Available for a Device:
- Using Remote Response
Context Analysis Engine Custom Rule Builder
- States
- Functions
- Field Operators
- Operands - Facet Value Extractors
- Artifacts of Interest
- Paths
- Filters
List of Responses
Configurable Sensors
Sensed events, artifacts, and facets

What is
CylanceOPTICS
?

CylanceOPTICS

operates by deploying sensors into the endpoint's operating system at various levels and against various subsystems to collect a diverse set of information and then aggregates that information into a localized data store to track, alert upon, and respond to complex malicious situations as they unfold.

CylanceOPTICS

connects to a cloud-based analytics backend infrastructure through a lightweight communications network that enables users, using the

Cylance

Console, to command and query

CylanceOPTICS

in real time, against their local data store of forensic data.

CylanceOPTICS

consists of the following components.

Component	Description
Endpoint Service - integrated with the endpoint agent of CylancePROTECT	The Endpoint Service is a .NET/Mono 4.5 service with native and managed sensors that observe, interpret, catalog, and provide interfaces into endpoint events.
Communication Network	The Communication Network is a mesh-like network bridging thousands of endpoints together with a communication management framework, delivering real time interaction and awareness.
Data Analytics Backend	The Data Analytics Backend is a highly scalable backend that delivers rich interpretations of endpoint data, as well as an API-first approach to endpoint management.
CylanceOPTICS Microsite in Management Console	The CylanceOPTICS microsite is an ever-evolving front-end delivering powerful views and capabilities from inside endpoints directly to security professionals.

Architecture overview

How it works

What is CylanceOPTICS?

What is
CylanceOPTICS
?