Skip Navigation
  1. BlackBerry Docs
  2. Cylance Endpoint Security
  3. Administration
  4. Cylance Endpoint Security Administration Guide
  5. Analyzing data collected by CylanceOPTICS
  6. View focus data

View focus data

Focus data allows you to visualize and analyze the chain of events, and the associated artifacts and facets of those events, that resulted in a piece of malware or another security threat on a device. Focus data is retained for 30 days.
For devices with
CylanceOPTICS
 agent 2.x and earlier, the console can retrieve focus data only from devices that are online. For devices with agent 3.0 and later, devices do not need to be online because the console can retrieve the latest data available in the
CylanceOPTICS
 cloud database.
If you want to enable the automatic upload of focus data for devices to the management console, turn on these options in the device policy. If you do not select this option, you must use the console to manually request focus data.
  1. Do any of the following:
    Task
    Steps
    View focus data from device details.
    1. In the management console, on the menu bar, click
      Assets > Devices
      .
    2. Click a device and review the
      Threats & Activities
       section.
    3. If you did not enable the automatic upload of focus data, for a threat or event, click
      Request Data
      .
    4. Click
      View Data
      .
    View focus data from an InstaQuery.
    To create a new InstaQuery, see Create an InstaQuery.
    1. In the management console, on the menu bar, click
      CylanceOPTICS > InstaQuery > Previous Queries
      .
    2. For an InstaQuery, click
      View Results
      .
    3. For a result, click
      Actions > Request Focus Data
      .
    4. Click
      View Focus Data
      .
    View focus data from a master list.
    1. In the management console, on the menu bar, click
      CylanceOPTICS > Focus Data
      .
      The list includes the focus data that was previously requested by an administrator or automatically uploaded to the console.
    2. For an artifact or event, click
      View Focus
      .
  • Some artifacts or facets in the focus data may include a
    Create InstaQuery
     option to retrieve more information. This is known as a pivot query. The artifact or facet properties are prepopulated, you only need to specify the appropriate zones. The pivot query results are then available with the associated focus data.
  • If you want to export focus data to a .csv file, click Table view icon, then click Export icon.