
Create an Advanced Query for CylanceOPTICS

Eight simple steps to create and view an advanced query

You can create a custom advanced query with granular search capabilities using EQL syntax to better find and resolve cyberthreats. Advanced query offers deep visibility into your CylanceOPTICS environment, expansive query options, and optimized workflows that allow you to combine related searches to reveal new insights. Advanced query is supported for devices with the CylanceOPTICS agent version 3.0 or later.

Path to the Advanced Query feature

1. Click CylanceOPTICS > Advanced Query

Screenshot of the Add New Query button

2. Click Add New Query

Screenshot of EQL syntax in dialogue box

3. Type or paste the query

See Supported EQL syntax for advanced query for more information on EQL syntax formatting and Sample CylanceOPTICS EQL Queries.

Here's an example of a query that returns process events for a specific process name (replace <name> with the process name you want to find):

process where process.name == "<name>"
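The one-line query above is the minimum the console accepts. The queries below are an added example, not part of the original page or BlackBerry's documentation, and show how the same process event type can be narrowed with the boolean and list operators that are part of core EQL syntax. Only process.name is confirmed by the page; the event type and field names used alongside it (process.parent.name) follow Elastic Common Schema naming and are assumptions, so confirm them against the Supported EQL syntax for advanced query reference before relying on them. The // comments are Elastic EQL comment syntax; if the console rejects them, paste each query without its comment lines. The zone, device and date range scoping from steps 4 and 5 is applied in the console, not inside the query text.

```eql
// 1. The page's pattern with a concrete value: every process event for PowerShell.
process where process.name == "powershell.exe"

// 2. Match any of several interpreters in one query instead of running three
//    separate searches. The "in" list operator is part of core EQL.
process where process.name in ("powershell.exe", "cmd.exe", "wscript.exe")

// 3. Combine conditions to cut noise: PowerShell only when launched by an Office
//    application. process.parent.name is an ECS-style field name assumed here.
process where process.name == "powershell.exe"
  and process.parent.name in ("winword.exe", "excel.exe", "outlook.exe")

// 4. Exclude an expected parent so the result set stays small enough to review.
process where process.name == "cmd.exe" and process.parent.name != "explorer.exe"
```

Run each query on its own; the console takes one query per search. If a query that should match returns nothing, check the casing of process.name against a value shown in an existing result before assuming the event is absent, since whether string comparisons are case-sensitive depends on the implementation and is not stated on this page.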
Screenshot of filter by device screen

4. Scope the query to zones and devices

If you don’t set the scope, the query applies to all zones and devices.

Screenshot of date and time range screen

5. Set a date and time range

If you don’t set a range, the query applies to all available data.

Screenshot of search button

6. Click Search

Screenshot of examples of result actions

7. Review the results

You can perform actions from certain results. For example, you can request and view focus data or quarantine a file. 

Screenshot of advanced query search results

8. That's it!

Now you know how to create an advanced query for CylanceOPTICS.

For more information about advanced queries, take a look at Create an advanced query in the Cylance Endpoint Security Administration Guide.