Filters
You can use filters to narrow or expand the scope of a state to account for a smaller or larger number of events to analyze. Event filters use the same event categories, subcategories, and types that are outlined in Data structures that CylanceOPTICS uses to identify threats.
Example 1:
The following example limits inspected events to process start events.

    "Filters": [
        {
            "Type": "Event",
            "Data": {
                "Category": "Process",
                "SubCategory": "",
                "Type": "Start"
            }
        }
    ]
Example 2:
The following example inspects all types of file events (create, write, delete).

    "Filters": [
        {
            "Type": "Event",
            "Data": {
                "Category": "File",
                "SubCategory": "",
                "Type": "*"
            }
        }
    ]
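An offline checker for filter blocks like the two above, to confirm which events a filter selects before it goes into a rule. This is an added example, not BlackBerry code or CylanceOPTICS behavior; treating an empty `SubCategory` as unconstrained, exact case-sensitive matching, and OR semantics across multiple filters are assumptions, and the sample events (including the `Exit` type) are constructed.

```python
import json

# Filter blocks from Example 1 and Example 2, wrapped in braces so they parse as JSON.
EXAMPLE_1 = '{"Filters": [{"Type": "Event", "Data": {"Category": "Process", "SubCategory": "", "Type": "Start"}}]}'
EXAMPLE_2 = '{"Filters": [{"Type": "Event", "Data": {"Category": "File", "SubCategory": "", "Type": "*"}}]}'

# Constructed sample events; "Exit" is a made-up type used only to show a non-match.
SAMPLE_EVENTS = [
    {"Category": "Process", "SubCategory": "", "Type": "Start"},
    {"Category": "Process", "SubCategory": "", "Type": "Exit"},
    {"Category": "File", "SubCategory": "", "Type": "Create"},
    {"Category": "File", "SubCategory": "", "Type": "Write"},
    {"Category": "File", "SubCategory": "", "Type": "Delete"},
]

FIELDS = ("Category", "SubCategory", "Type")


def load_filters(text):
    """Parse a rule fragment and return its event filters, rejecting malformed entries."""
    filters = json.loads(text).get("Filters", [])
    for i, flt in enumerate(filters):
        if flt.get("Type") != "Event":
            raise ValueError(f"filter {i}: expected Type 'Event', got {flt.get('Type')!r}")
        data = flt.get("Data")
        missing = [k for k in FIELDS if not isinstance(data, dict) or k not in data]
        if missing:
            raise ValueError(f"filter {i}: Data is missing {missing}")
    return filters


def field_matches(pattern, value):
    # Assumption: "" and "*" leave the field unconstrained; anything else must match exactly.
    return pattern in ("", "*") or pattern == value


def select_events(rule_text, events):
    """Return the events selected by at least one filter (OR across filters is assumed)."""
    filters = load_filters(rule_text)
    return [
        ev for ev in events
        if any(all(field_matches(f["Data"][k], ev.get(k, "")) for k in FIELDS) for f in filters)
    ]


if __name__ == "__main__":
    for name, rule in (("Example 1", EXAMPLE_1), ("Example 2", EXAMPLE_2)):
        print(name, [f'{e["Category"]}/{e["Type"]}' for e in select_events(rule, SAMPLE_EVENTS)])
```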