Vendor: Cylance

April 15, 2026

Product: Cylance OPTICS

Rules | Models | MITRE ATT&CK® TTPs | Activity Types | Parsers
83311736
Use-Case: Compromised Credentials
Activity Types/Parsers:
  process-alert
    cylance-optics-kv-alert-trigger-success-registryevent
    cylance-optics-kv-alert-trigger-success-powershellevent
    cylance-optics-kv-alert-trigger-success-processevent
    cylance-optics-kv-alert-trigger-success-apievent
    cylance-optics-kv-alert-trigger-success-wmievent
    cylance-optics-kv-alert-trigger-success-logevent
    cylance-optics-kv-network-session-success-networkevent
  process-network
    cylance-optics-kv-network-session-success-networkevent
MITRE ATT&CK® TTP:
  T1027 - Obfuscated Files or Information
  T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  TA0002 - TA0002
Content:
  • 7 Rules
  • 2 Models

Use-Case: Data Exfiltration
Activity Types/Parsers:
  file-alert
    cylance-optics-kv-alert-trigger-success-fileevent
MITRE ATT&CK® TTP:
  TA0002 - TA0002
Content:
  • 2 Rules
  • 1 Model

Use-Case: Lateral Movement
Activity Types/Parsers:
  process-network
    cylance-optics-kv-network-session-success-networkevent
MITRE ATT&CK® TTP:
  T1071 - Application Layer Protocol
  T1090 - Proxy
  T1090.003 - Proxy: Multi-hop Proxy
  T1190 - Exploit Public-Facing Application
  TA0008 - TA0008
  TA0010 - TA0010
  TA0011 - TA0011
Content:
  • 42 Rules
  • 19 Models

Use-Case: Privilege Abuse
Activity Types/Parsers:
  file-alert
    cylance-optics-kv-alert-trigger-success-fileevent
MITRE ATT&CK® TTP:
  T1078 - Valid Accounts
Content:
  • 1 Rule

Use-Case: Privileged Activity
Activity Types/Parsers:
  file-alert
    cylance-optics-kv-alert-trigger-success-fileevent
MITRE ATT&CK® TTP:
  T1078 - Valid Accounts
Content:
  • 1 Rule

MITRE ATT&CK® Framework for Enterprise

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Valid Accounts

Exploit Public-Facing Application

Scheduled Task/Job

Valid Accounts

Scheduled Task/Job

Valid Accounts

Scheduled Task/Job

Impair Defenses

Obfuscated Files or Information: Indicator Removal from Tools

Valid Accounts

Impair Defenses: Disable or Modify System Firewall

Obfuscated Files or Information

Dynamic Resolution

Dynamic Resolution: Domain Generation Algorithms

Proxy: Multi-hop Proxy

Application Layer Protocol

Proxy