Transform Field Observations into Actionable Cyber Intelligence
In operational technology environments, your frontline operators are often the first to notice something’s not right. OPTIC bridges the critical gap between “I saw something unusual” and “We have structured threat intelligence ready to act on.”
Built for How OT Security Actually Works
Traditional cybersecurity tools miss what matters most in OT: the human observations, the subtle process deviations, the “that’s never happened before” moments that signal an attack in progress. OPTIC was purpose-built to capture this critical intelligence from the people who know your systems best, then automatically translate it into the language security analysts need.
From Observation to Response in Minutes, Not Days
OPTIC guides users through a systematic evaluation process that converts field observations into STIX 2.1-formatted threat intelligence. No security degree required. The application maps observations to MITRE ATT&CK® for ICS techniques, identifies relevant NIST countermeasures (CSF and SP 800-82), and assesses your organization’s readiness using the C2M2 maturity model, all automatically.
Standalone Power. Enterprise Scale.
Deploy OPTIC for individual analysts or across your entire organization. When leveraged enterprise-wide, OPTIC creates a collaborative defense ecosystem where anomalous events are consistently documented, analyzed, and shared across business units. Historical pattern matching helps identify attack campaigns early, while comprehensive reporting ensures stakeholders have the context they need to make informed decisions.
See Something. Say Something. Stop Something.
OPTIC empowers your workforce to become active participants in your cybersecurity posture. Every observation contributes to organizational threat intelligence. Every investigation builds institutional knowledge. Every report accelerates response time when seconds matter.
Human-Centric Collection
Enables field operators to report anomalous events through guided workflows; no cybersecurity expertise required.
Pattern Recognition
Discovers similarities to historical cyber indicators of attack using the MITRE ATT&CK® for ICS framework.
STIX 2.1 Export
Generates machine-readable threat intelligence bundles for integration with BAM and SOC tools.
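The two passages above (the observation-to-STIX conversion with ATT&CK for ICS mapping and NIST countermeasures, and the STIX 2.1 export) describe a pipeline without showing the shape of its output. The following added example, which is not OPTIC's own code and uses only the Python standard library rather than the stix2 package, builds a STIX 2.1 bundle from a constructed operator observation: the plant becomes an identity object, each mapped technique an attack-pattern with a MITRE external reference, the observation itself a sighting of that technique plus a note carrying the operator's free text, and the countermeasure a course-of-action linked by a mitigates relationship. The observation text, site name and the choice of techniques T0836 and T0838 for it are assumptions made for the sample (the technique IDs themselves are real ATT&CK for ICS identifiers); the validate_bundle check for well-formed IDs and dangling references is also added here and is not an OPTIC feature.

```python
"""Turn a constructed OT field observation into a STIX 2.1 bundle.

Added illustration using only the standard library. Everything in
SAMPLE_OBSERVATION is constructed for this example; the technique-to-
observation mapping is an assumed analyst judgement, not OPTIC's output.
"""
import json
import re
import uuid
from datetime import datetime, timezone

# STIX identifiers are "<type>--<UUID>"; used by validate_bundle below.
STIX_ID_RE = re.compile(
    r"^[a-z][a-z0-9-]+--[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"
)

# Real MITRE ATT&CK for ICS technique IDs and names.
ICS_TECHNIQUES = {
    "T0836": "Modify Parameter",
    "T0838": "Modify Alarm Settings",
}

# Constructed sample of what a control-room operator might enter in a guided form.
SAMPLE_OBSERVATION = {
    "site": "Example Water Treatment Plant (constructed)",
    "reporter": "shift-operator-3",
    "observed_at": "2024-03-14T02:17:00Z",
    "text": "Chlorine dosing setpoint changed from 1.2 to 4.0 mg/L with no "
            "work order; the high-chlorine alarm did not fire.",
    "technique_ids": ["T0836", "T0838"],          # assumed analyst mapping
    "countermeasure": "Restore setpoint and alarm limits from the approved "
                      "baseline and review HMI change logs (assumed mapping "
                      "to NIST SP 800-82 guidance)",
}


def _now():
    """Current UTC time in the RFC 3339 form STIX 2.1 timestamps require."""
    return datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%fZ")


def _obj(stix_type, **props):
    """Build a STIX 2.1 object with the common required properties filled in."""
    ts = _now()
    obj = {"type": stix_type, "spec_version": "2.1",
           "id": f"{stix_type}--{uuid.uuid4()}", "created": ts, "modified": ts}
    obj.update(props)
    return obj


def build_bundle(obs):
    """Map one observation record to a STIX 2.1 bundle (dict)."""
    site = _obj("identity", name=obs["site"], identity_class="organization")
    techniques = [
        _obj("attack-pattern", name=ICS_TECHNIQUES[tid],
             external_references=[{"source_name": "mitre-ics-attack",
                                   "external_id": tid,
                                   "url": f"https://attack.mitre.org/techniques/{tid}/"}])
        for tid in obs["technique_ids"]
    ]
    # The human observation is recorded as a sighting of each technique at the site.
    sightings = [
        _obj("sighting", sighting_of_ref=t["id"], count=1,
             first_seen=obs["observed_at"], last_seen=obs["observed_at"],
             where_sighted_refs=[site["id"]])
        for t in techniques
    ]
    note = _obj("note", abstract=f"Field observation by {obs['reporter']}",
                content=obs["text"], object_refs=[s["id"] for s in sightings])
    coa = _obj("course-of-action", name="Recommended countermeasure",
               description=obs["countermeasure"])
    mitigates = [_obj("relationship", relationship_type="mitigates",
                      source_ref=coa["id"], target_ref=t["id"]) for t in techniques]
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}",
            "objects": [site, *techniques, *sightings, note, coa, *mitigates]}


def validate_bundle(bundle):
    """Return a list of problems; an empty list means the bundle passes these checks."""
    problems = []
    objects = bundle.get("objects", [])
    ids = {o["id"] for o in objects}
    if not STIX_ID_RE.match(bundle.get("id", "")):
        problems.append("bundle id malformed")
    for o in objects:
        if not STIX_ID_RE.match(o["id"]) or not o["id"].startswith(o["type"] + "--"):
            problems.append(f"{o['id']}: id malformed")
        if o.get("spec_version") != "2.1":
            problems.append(f"{o['id']}: missing spec_version 2.1")
        for key, val in o.items():             # every *_ref/*_refs must resolve
            refs = val if key.endswith("_refs") else [val] if key.endswith("_ref") else []
            for ref in refs:
                if ref not in ids:
                    problems.append(f"{o['id']}: dangling reference {ref}")
    return problems


def to_json(bundle):
    """Serialise the bundle the way a SOC platform import would expect it."""
    return json.dumps(bundle, indent=2)


if __name__ == "__main__":
    bundle = build_bundle(SAMPLE_OBSERVATION)
    print(to_json(bundle))
    print("problems:", validate_bundle(bundle))
```

The point of the sighting object is that a human observation is evidence that a technique was seen, not an indicator pattern to match; keeping the operator's own words in a note object preserves the context an analyst needs, while the attack-pattern references give SOC tooling something it can correlate across sites.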
Live Application Demo
Desktop Mode: Experience the full OPTIC workflow with comprehensive investigation capabilities.
OPTIC stands for Operational Process for Trigger Identification and Comprehension. In the demo application, an investigation proceeds through the following stages:
- Investigation Configuration
- Investigation Information
- Document Anomalies
- Categorization
- Deep Dive
- Analysis
- Investigation Summary
- Techniques Mapped to C2M2
- Reports
Resources and Documentation
GitHub Repository
Watch the recorded presentation to learn more about BAM’s capabilities and real-world applications.
User Guide
Comprehensive guide for operators and security personnel on using OPTIC effectively.
Integration with BAM
Learn how OPTIC integrates with the Bayesian Attack Model for enhanced threat analysis.
INL ICS 311 Course
OPTIC demonstrated in “Detect the Attacker” OT threat hunting course with CATCH and BAM.
STIX 2.1 Documentation
Technical details on OPTIC’s STIX 2.1 bundle format and integration specifications.
CATCH Integration
Collection and Analysis of Telemetry for CyOTE Heuristics, a telemetry collection companion tool.
Demonstrated in INL ICS 311 “Detect the Attacker”: OPTIC + CATCH + BAM working together to support hypothesis-driven OT threat hunting.