Jump to Content
Home
Guides
Discussions
v1.0
Log In
Guides
Log In
v1.0
Home
Guides
Discussions
Registry Value Query
Search
All
Pages
Start typing to search…
Welcome
Welcome to Query!
Product Architecture
Security & Privacy
Search & Results
Getting Started
Search Progress and Results
Summary Insights (Federated Dashboards)
Searching in the Query UI
Administration
Team Management
Integrations
Cloud Infrastructure and Security
Amazon CloudWatch Logs (for AWS WAFv2)
Lacework (FortiCNAPP)
Microsoft Graph API - Security
Data Lakes and Data Warehouses
Amazon Athena (for Amazon S3)
Amazon Redshift
Amazon Redshift Serverless
Amazon Security Lake
Azure Data Explorer (ADX)
ClickHouse Cloud
Databricks
Google BigQuery
Snowflake
Data Security
Cyera
Developer Security
Email Security and Communications
Gmail Messages API
Microsoft Defender for Office 365
Endpoint
Carbon Black Cloud
CrowdStrike Falcon API
Microsoft Defender for Endpoint
SentinelOne Singularity Platform
Identity and HR
Auth0
Google Workspace - Directory API
Microsoft Entra ID (Azure AD)
Okta
IT Service Management
Armis Centrix
ServiceNow
Mobile Device Management
JAMF Pro
Microsoft Intune
SIEM and Log Management
Amazon OpenSearch Service
Azure Log Analytics
Cribl Search
CrowdStrike Falcon LogScale (Humio)
Datadog
Google Security Operations SIEM (Google Chronicle)
Google Workspace - Reports API
Microsoft Sentinel (Azure Sentinel)
Splunk Enterprise & Cloud
Threat Intelligence and Enrichment
AlienVault OTX
CISA Known Exploited Vulnerabilities (KEV) Catalog
ip-api (Geolocation API)
MISP (Malware Information Sharing Project)
Shodan
Tégo
VirusTotal
WhoisXML API
Query APPS
Query Splunk App
Splunk App Setup and Administration
Running Federated Search from Splunk
Splunk App Quick Reference Guide
Query Chrome Extension
Query Data Model Reference
About the Query Data Model
Configure Schema
Events
Account Change
Admin Group Query
API Activity
Application Lifecycle
Authentication
Authorize Session
Base Event
Compliance Finding
Device Config State
Data Security Finding
Datastore Activity
Detection Finding
Device Config State Change
DHCP Activity
DNS Activity
Email Activity
Email File Activity
Email URL Activity
Entity Management
File System Activity
File Hosting Activity
File Query
File Remediation Activity
Folder Query
FTP Activity
Group Management
HTTP Activity
Incident Finding
Device Inventory Info
Job Query
Kernel Activity
Kernel Object Query
Memory Activity
Module Activity
Module Query
Network Activity
Network Connection Query
Network File Activity
Network Remediation Activity
Networks Query
NTP Activity
OSINT Inventory Info
Operating System Patch State
Peripheral Device Query
Prefetch Query
Process Activity
Process Query
Process Remediation Activity
RDP Activity
Registry Key Activity
Registry Key Query
Registry Value Activity
Registry Value Query
Remediation Activity
Scan Activity
Scheduled Job Activity
Security Finding
Service Query
User Session Query
SMB Activity
Software Inventory Info
SSH Activity
Tunnel Activity
User Access Management
User Inventory Info
User Query
Vulnerability Finding
Web Resource Access Activity
Web Resources Activity
Cloud Resources Inventory Info
Startup Item Query
Kernel Extension Activity
Event Log Activity
Script Activity
Airborne Broadcast Activity
Drone Flights Activity
Application Error
Windows Service Activity
Windows Resource Activity
Objects
Account
Actor
Affected Code
Affected Software Package
Agent
Analytic
API
MITRE ATT&CK®
Authentication Factor
Authorization Result
Autonomous System
Digital Certificate
CIS Benchmark
CIS Benchmark Result
CIS Control
CIS CSC
Cloud
Compliance
Container
CVE
CVSS Score
CWE
MITRE D3FEND™ Tactic
MITRE DEFEND™ Technique
MITRE D3FEND™
Data Classification
Data Security
Database
Databucket
DCE/RPC
Device
Device Hardware Info
Digital Signature
Display
DNS Answer
DNS Query
Domain Contact
Domain Threat Intelligence
Email
Email Authentication
Endpoint
Endpoint Connection
Enrichment
EPSS
Evidence Artifacts
Schema Extension
Feature
File
File Threat Intelligence
Finding
Finding Information
Fingerprint
Firewall Rule
Group
HASSH
HTTP Cookie
HTTP Header
HTTP Request
HTTP Response
Identity Provider
Image
IP Threat Intelligence
JA4+ Fingerprint
Job
KB Article
Kernel Resource
Kernel Extension
Keyboard Information
Kill Chain Phase
LDAP Person
Load Balancer
Geo Location
Logger
Malware
Managed Entity
Metadata
Metric
Module
Network Connection Information
Network Endpoint
Network Interface
Network Proxy Endpoint
Network Traffic
Object
Observable
Organization
Operating System (OS)
OSINT
Software Package
Peripheral Device
Policy
Linux Process
Product
Query Information
Registry Key
Registry Value
Related Event/Finding
Remediation
Reputation
Request Elements
Resource
Resource Details
Response Elements
RPC Interface
Rule
Subject Alternative Name
Scan
Security State
Service
Session
MITRE ATT&CK® Sub Technique
Table
MITRE ATT&CK® Tactic
MITRE ATT&CK® Technique
Threat Intelligence
Ticket
Time Span
Transport Layer Security (TLS)
TLS Extension
Unmapped
Uniform Resource Locator
URL Threat Intelligence
User
Vulnerability Details
Web Resource
WHOIS
Windows Resource
Windows Service
Encryption Details
Trace
Span
Software Component
Assessment
Script
Occurrence Details
Software Bill of Materials
SSO
Process Entity
Key:Value object
Advisory
Classifier Details
Aircraft
Unmanned Aerial System
Vendor Attributes
Discovery Details
Unmanned System Operating Area
Startup Item
Environment Variable
Long String
SCIM
Event Categories
Data Types
FSQL: Federated Search Query Language
Introduction to FSQL
FSQL User Guide for Security Analysts
From SPL to FSQL: A Security Analyst's Guide
FSQL Technical Reference
Query's Federated Search Platform
Attribute Selectors
Dates and Times
Search Filter Operators
Other Commands
FAQL
The FSQL API
Threat Cases
Detection Finding Triage Agent
Registry Value Query
Updated 3 months ago
Registry Value Activity
Remediation Activity
