Query Chrome Extension
Run federated search from any external web-console or web page
What is Query's Chrome Extension
Query's Chrome Extension allows analysts to run federated searches from any external web-console or web page, directly via a right-click action menu embedded in the browser menu. You can select any text such as IP addresses, file hashes, etc. from that external web UI, and pass them as parameters to Query to see the relevant federated search results.
You can select and pass any attribute value you need to search by, such as IP Address, File Hash, URL, Domain, File Name, Username, Email, etc.
Adding the Extension to your Chrome
Go to Query's Extension in Chrome Web Store and add the extension from there. Alternatively, you can go to the Apps menu in the Query Console that will take you to the extension in the Web Store.
Customizing Searches
You can customize the search inputs and the time range to search by.
-
Find the Extensions icon in Chrome's extensions toolbar and click on it to see all your installed extensions. The extensions icon looks like:
-
Pin the extension into the extensions toolbar as per below image. Pinning will add the Query logo next to the above extensions icon in the extensions toolbar.
-
Click on that logo anytime to review/customize the federated searches. By default, it has these searches configured:
-
Configure a new search:
Known Issues
- The launching of Query Console from the right-click browser menu with the desired federated search doesn't work if the user does not have an active session. WORKAROUND: Login to Query first and retry from the right click.
- If there is a newer version of Chrome, the update removes the right click menu. WORKAROUND: To re-add it, click on Query's Chrome Extension logo on the extensions toolbar and make any change in the configuration. If you have not customized any searches, just click on
Reset to Defaults
button. After this saving of configuration, the right-click menu becomes available again.
Updated about 2 months ago