Jump to Content
Query Docs
HomeGuidesDiscussions
v1.0

Log InQuery Docs
Guides
Log In
v1.0HomeGuidesDiscussions
All
Pages
Start typing to search…

Welcome

  • Welcome to Query!
  • Product Architecture
  • Security & Privacy

Search & Results

  • Getting Started
  • Search Progress and Results
  • Summary Insights (Federated Dashboards)
  • Searching in the Query UI

Administration

  • Team Management

Integrations

  • Cloud Infrastructure and Security
    • Amazon CloudWatch Logs (for AWS WAFv2)
    • Lacework (FortiCNAPP)
    • Microsoft Graph API - Security
  • Data Lakes and Data Warehouses
    • Amazon Athena (for Amazon S3)
    • Amazon Redshift
    • Amazon Redshift Serverless
    • Amazon Security Lake
    • Azure Data Explorer (ADX)
    • ClickHouse Cloud
    • Databricks
    • Google BigQuery
    • Snowflake
  • Data Security
    • Cyera
  • Developer Security
  • Email Security and Communications
    • Gmail Messages API
    • Microsoft Defender for Office 365
  • Endpoint
    • Carbon Black Cloud
    • CrowdStrike Falcon API
    • Microsoft Defender for Endpoint
    • SentinelOne Singularity Platform
  • Identity and HR
    • Auth0
    • Google Workspace - Directory API
    • Microsoft Entra ID (Azure AD)
    • Okta
  • IT Service Management
    • Armis Centrix
    • ServiceNow
  • Mobile Device Management
    • JAMF Pro
    • Microsoft Intune
  • SIEM and Log Management
    • Amazon OpenSearch Service
    • Azure Log Analytics
    • Cribl Search
    • CrowdStrike Falcon LogScale (Humio)
    • Datadog
    • Google Security Operations SIEM (Google Chronicle)
    • Google Workspace - Reports API
    • Microsoft Sentinel (Azure Sentinel)
    • Splunk Enterprise & Cloud
  • Threat Intelligence and Enrichment
    • AlienVault OTX
    • CISA Known Exploited Vulnerabilities (KEV) Catalog
    • ip-api (Geolocation API)
    • MISP (Malware Information Sharing Project)
    • Shodan
    • Tégo
    • VirusTotal
    • WhoisXML API

Query APPS

  • Query Splunk App
    • Splunk App Setup and Administration
    • Running Federated Search from Splunk
    • Splunk App Quick Reference Guide
  • Query Chrome Extension

Query Data Model Reference

  • About the Query Data Model
  • Configure Schema
  • Events
    • Account Change
    • Admin Group Query
    • API Activity
    • Application Lifecycle
    • Authentication
    • Authorize Session
    • Base Event
    • Compliance Finding
    • Device Config State
    • Data Security Finding
    • Datastore Activity
    • Detection Finding
    • Device Config State Change
    • DHCP Activity
    • DNS Activity
    • Email Activity
    • Email File Activity
    • Email URL Activity
    • Entity Management
    • File System Activity
    • File Hosting Activity
    • File Query
    • File Remediation Activity
    • Folder Query
    • FTP Activity
    • Group Management
    • HTTP Activity
    • Incident Finding
    • Device Inventory Info
    • Job Query
    • Kernel Activity
    • Kernel Object Query
    • Memory Activity
    • Module Activity
    • Module Query
    • Network Activity
    • Network Connection Query
    • Network File Activity
    • Network Remediation Activity
    • Networks Query
    • NTP Activity
    • OSINT Inventory Info
    • Operating System Patch State
    • Peripheral Device Query
    • Prefetch Query
    • Process Activity
    • Process Query
    • Process Remediation Activity
    • RDP Activity
    • Registry Key Activity
    • Registry Key Query
    • Registry Value Activity
    • Registry Value Query
    • Remediation Activity
    • Scan Activity
    • Scheduled Job Activity
    • Security Finding
    • Service Query
    • User Session Query
    • SMB Activity
    • Software Inventory Info
    • SSH Activity
    • Tunnel Activity
    • User Access Management
    • User Inventory Info
    • User Query
    • Vulnerability Finding
    • Web Resource Access Activity
    • Web Resources Activity
    • Cloud Resources Inventory Info
    • Startup Item Query
    • Kernel Extension Activity
    • Event Log Activity
    • Script Activity
    • Airborne Broadcast Activity
    • Drone Flights Activity
    • Application Error
    • Windows Service Activity
    • Windows Resource Activity
  • Objects
    • Account
    • Actor
    • Affected Code
    • Affected Software Package
    • Agent
    • Analytic
    • API
    • MITRE ATT&CK®
    • Authentication Factor
    • Authorization Result
    • Autonomous System
    • Digital Certificate
    • CIS Benchmark
    • CIS Benchmark Result
    • CIS Control
    • CIS CSC
    • Cloud
    • Compliance
    • Container
    • CVE
    • CVSS Score
    • CWE
    • MITRE D3FEND™ Tactic
    • MITRE DEFEND™ Technique
    • MITRE D3FEND™
    • Data Classification
    • Data Security
    • Database
    • Databucket
    • DCE/RPC
    • Device
    • Device Hardware Info
    • Digital Signature
    • Display
    • DNS Answer
    • DNS Query
    • Domain Contact
    • Domain Threat Intelligence
    • Email
    • Email Authentication
    • Endpoint
    • Endpoint Connection
    • Enrichment
    • EPSS
    • Evidence Artifacts
    • Schema Extension
    • Feature
    • File
    • File Threat Intelligence
    • Finding
    • Finding Information
    • Fingerprint
    • Firewall Rule
    • Group
    • HASSH
    • HTTP Cookie
    • HTTP Header
    • HTTP Request
    • HTTP Response
    • Identity Provider
    • Image
    • IP Threat Intelligence
    • JA4+ Fingerprint
    • Job
    • KB Article
    • Kernel Resource
    • Kernel Extension
    • Keyboard Information
    • Kill Chain Phase
    • LDAP Person
    • Load Balancer
    • Geo Location
    • Logger
    • Malware
    • Managed Entity
    • Metadata
    • Metric
    • Module
    • Network Connection Information
    • Network Endpoint
    • Network Interface
    • Network Proxy Endpoint
    • Network Traffic
    • Object
    • Observable
    • Organization
    • Operating System (OS)
    • OSINT
    • Software Package
    • Peripheral Device
    • Policy
    • Linux Process
    • Product
    • Query Information
    • Registry Key
    • Registry Value
    • Related Event/Finding
    • Remediation
    • Reputation
    • Request Elements
    • Resource
    • Resource Details
    • Response Elements
    • RPC Interface
    • Rule
    • Subject Alternative Name
    • Scan
    • Security State
    • Service
    • Session
    • MITRE ATT&CK® Sub Technique
    • Table
    • MITRE ATT&CK® Tactic
    • MITRE ATT&CK® Technique
    • Threat Intelligence
    • Ticket
    • Time Span
    • Transport Layer Security (TLS)
    • TLS Extension
    • Unmapped
    • Uniform Resource Locator
    • URL Threat Intelligence
    • User
    • Vulnerability Details
    • Web Resource
    • WHOIS
    • Windows Resource
    • Windows Service
    • Encryption Details
    • Trace
    • Span
    • Software Component
    • Assessment
    • Script
    • Occurrence Details
    • Software Bill of Materials
    • SSO
    • Process Entity
    • Key:Value object
    • Advisory
    • Classifier Details
    • Aircraft
    • Unmanned Aerial System
    • Vendor Attributes
    • Discovery Details
    • Unmanned System Operating Area
    • Startup Item
    • Environment Variable
    • Long String
    • SCIM
  • Event Categories
  • Data Types

FSQL: Federated Search Query Language

  • Introduction to FSQL
  • FSQL User Guide for Security Analysts
  • From SPL to FSQL: A Security Analyst's Guide
  • FSQL Technical Reference
    • Query's Federated Search Platform
    • Attribute Selectors
    • Dates and Times
    • Search Filter Operators
    • Other Commands
  • FAQL
  • The FSQL API

Threat Cases

  • Detection Finding Triage Agent

Registry Value Query

Updated 3 months ago


Registry Value Activity
Remediation Activity
COMPANY

Product

About

Careers

Leadership

Board of Directors

RESOURCES

Documentation

Blogs

Newsroom

Videos

White Papers

LEGAL

Data Processing Agreement

Privacy & Cookie Policy

Security Protocols

Service Level Agreement

Subprocessors

Support Agreement

Terms and Conditions

CONTACT

Book a Demo

Contact Sales


Query

3423 Piedmont Road NE
• Atlanta, GA 30305
©2024 Query, All Rights Reserved.