Query Options
Queries provide the ability to save custom views of vulnerability, event, ticket, user, and alert data for repeated access.

Option | Description |
---|---|
Name | A name for the query. |
Description | A description for the query. |
Tag | A tag for the query. For more information, see Tags. |
Type | The type of data you want the query to use. For more information about the filter components for Vulnerability, Event, and Mobile data types, see Vulnerability Analysis Filter Components, Event Analysis Filter Components, and Mobile Analysis. For more information about the filter components for Ticket, User, and Alert data types, see Ticket-Specific Query Options, User-Specific Query Options, and Alert-Specific Query Options. |
Tool | Chooses the analysis tool used by the query. |

Ticket queries are a useful way of determining what tickets to alert against. For example, if you want to be alerted when a specific user receives a ticket, you could create a query with a ticket filter where the Assignee value is the user's name. You could then create an alert to email you when the user receives a ticket. The table below contains a list of the ticket query options.

Option | Description |
---|---|
Name | Ticket name to filter against. |
Status | Ticket status to filter against. |
Classification | The ticket classification to filter against. |
Owner | The manager (owner) of the ticket assignee. |
Assignee | The ticket assignee to filter against. |
Created Timeframe | Ticket creation date/time to filter against. Either specify an explicit timeframe, including the start and end time or choose one of the predefined periods (e.g., last 15 minutes, last hour, etc.) |
Assigned Timeframe | Ticket assigned date/time to filter against. Either specify an explicit timeframe, including the start and end time or choose one of the predefined periods (e.g., last 15 minutes, last hour, etc.) |
Modified Timeframe | Ticket modified date/time to filter against. Either specify an explicit timeframe, including the start and end time or choose one of the predefined periods (e.g., last 15 minutes, last hour, etc.) |
Resolved Timeframe | Ticket resolution date/time to filter against. Either specify an explicit timeframe, including the start and end time or choose one of the predefined periods (e.g., last 15 minutes, last hour, etc.) |
Closed Timeframe | Ticket closed date/time to filter against. Either specify an explicit timeframe, including the start and end time or choose one of the predefined periods (e.g., last 15 minutes, last hour, etc.) |

User queries are useful for reporting, dashboards and alerts based on user actions. For example, they can track user logins and locked accounts. They can also track user logins from accounts not authorized on the monitored systems.

Option | Description |
---|---|
First Name | User first name to filter against. |
Last Name | User last name to filter against. |
Username | Actual username to filter against. |
Group | Filter against the group the user(s) belong to. |
Role | Filters against users who have the specified role. |
| | Filters against users based on their email address. |
Last Login Timeframe | Filters against users whose last login was within the timeframe specified. Either specify an explicit timeframe, including the start and end time or choose one of the predefined periods (e.g., last 15 minutes, last hour, etc.). |
Account State | Filters against the user account state (locked vs. unlocked). |

The alert query is useful for reporting, dashboards and alerting when an alert has triggered. This is useful for situations where you want a report, dashboard element, or conditional alert after the specified alert filter conditions have been met. For example, you can schedule a daily report containing a query of all active alerts and their details.

Option | Description |
---|---|
Name | Filter against alerts with the specified name. |
Description | Filter against alerts with the specified description. |
State | Choose from All, Triggered, or Not Triggered. |
Created Timeframe | Filters against the alert creation timeframe specified. Either specify an explicit timeframe, including the start and end time or choose one of the predefined periods (e.g., last 15 minutes, last hour, etc.). |
Modified Timeframe | Filters against the most recent alert modification timeframe specified. Either specify an explicit timeframe, including the start and end time or choose one of the predefined periods (e.g., last 15 minutes, last hour, etc.). |
Last Triggered Timeframe | Filters against the most recent alert trigger timeframe specified. Either specify an explicit timeframe, including the start and end time or choose one of the predefined periods (e.g., last 15 minutes, last hour, etc.). |
Last Evaluated Timeframe | Filters against the most recent alert evaluation timeframe specified. Either specify an explicit timeframe, including the start and end time or choose one of the predefined periods (e.g., last 15 minutes, last hour, etc.). |