You can create a custom advanced query with granular search capabilities using EQL syntax to better find and resolve cyberthreats. Advanced query offers deep visibility into your CylanceOPTICS environment, expansive query options, and optimized workflows that allow you to combine related searches to reveal new insights. Advanced query is supported for devices with the CylanceOPTICS agent version 3.0 or later.
1. Click CylanceOPTICS > Advanced Query
2. Click Add New Query
3. Type or paste the query
See Supported EQL syntax for advanced query for more information on EQL syntax formatting and Sample CylanceOPTICS EQL Queries.
Here’s an example of a query for a specific process name:
process where process.name == "<name>"
4. Scope the query to zones and devices
If you don’t set the scope, the query applies to all zones and devices.
5. Set a date and time range
If you don’t set a range, the query applies to all available data.
6. Click Search
7. Review the results
You can perform actions from certain results. For example, you can request and view focus data or quarantine a file.
8. That's it!
Now you know how to create an advanced query for CylanceOPTICS.
For more information about advanced queries, take a look at Create an advanced query in the Cylance Endpoint Security Administration Guide.