Create an InstaQuery
- In the management console, on the menu bar, clickCylanceOPTICS > InstaQuery.
- Do one of the following:TaskStepsCreate a new InstaQuery.If you want to clone a previous query, expand thePrevious Queriessection, find the query, and clickClone Query.
- In theSearch Termfield, type a value that you want to search for (for example, a file name, hash, process, registry value, and so on). If you want to search for an exact match, select theExact Matchingcheck box.
- In theArtifactdrop-down list, click an artifact type.
- In theFacetdrop-down list, click the appropriate facet.
- In theZonedrop-down list, select one or more zones.
- Type a name and description for the query.
- ClickSubmit Query.
- The current status of the query is displayed in thePrevious Queriessection. When the query is complete, clickView Results.
View a previous InstaQuery.- Expand thePrevious Queriessection.
- For the query that you want to view, clickView Results.
- In theInstaQuery Resultssection, you can expand theActionsmenu to access the available actions for each result. Depending on the type of result, this can include:
- Globally quarantine a file. The file is displayed inSettings > Global List > Global Quarantine, inProtection > Threats, and in theThreatssection of the device details.
- Request and download a file. If path information is available for files associated with other artifact types, you can also download those files. The file is compressed and password-protected to ensure that it is not accidentally executed. The password is “infected”.The size limit for file retrieval is 50 MB. Artifacts and files are retained byCylanceOPTICSfor 30 days (this period can be increased based on your organization's licensing).
- To view the InstaQuery facet breakdown, in theInstaQuery Resultssection, click the facet breakdown icon.