Getting Started

Query Quick Start

Introduction

Thanks for joining us! This guide is here to help you quickly get started performing federated searches. From initial deployment to completing your first search typically takes less than thirty minutes. Happy Querying!

TL;DR Steps to Query's Federated Search Platform.

  1. Browse to go.query.ai and create a new account.
  2. Identify products to integrate.
  3. Gather required API keys, tokens or user credentials for each product.
  4. Configure access to each platform.
  5. Test search results.

Create Account

  1. Browse to go.query.ai, click the Sign Up link, and create a password.
Click Sign Up

  2. Click Next to walk through the wizard.
  3. Click Accept for the Terms and Conditions.
  4. Tell us about you and click Next.
  5. Next, create an Organization. In Query, every user is a member of at least one Organization. An Organization contains all of the data connections and credentials. You may want to configure multiple Organizations if different team members need access to different data platforms. Organizations use the shared credentials to gain access to data. You may add additional users to the Query Organization by entering their email addresses, each followed by Enter or Tab.
  6. Select dark or light UI mode and click Next.
  7. Click Finish.

Identifying Products to Integrate with Query

To use Query's federated search platform you will need to set up connections into data lakes and other APIs. Here is a list of example categories and products that you might consider integrating with federated search. If you do not see your product, contact Query's Customer Success for assistance.

Category                Products
SIEM/Data Lake          Splunk, Elasticsearch, AWS S3/Athena, Snowflake, GCP BigQuery
Threat Intel            VirusTotal, Recorded Future, AlienVault OTX, Microsoft Defender
IAM                     Azure Active Directory, Okta
Cloud                   AWS (CloudWatch), Security Hub, CloudTrail, BigQuery
EDR                     Microsoft Defender, CrowdStrike, SentinelOne
Email & Communications  Proofpoint TAP, Slack, Outlook

VirusTotal: Setting Up Your First Connection

Start by setting up your first federated connection. Click the Connections link, then Add Connection:

New VirusTotal connection

  • Create an account at, or log in to, virustotal.com. Under your profile settings select API Keys.
  • Create your VirusTotal API key, copy the key, and/or save it to a secure location.
  • Fill in the connection fields in Query:
    • Name: The name of the connection as it appears in the Query UI
    • Platform Instance: VirusTotal
    • API Key: Paste the API key from above
    • Base URL: false
  • Click Test Connection. If no errors were noted, the connection was successful!
  • Click Save.
  • You will now see that you have one data connection set up for VirusTotal.

NOTE: You may have multiple connections of the same type, each with its own API keys or credentials. For example, if you have 5 instances of a data lake, such as Splunk, in different regions, you may configure a connection for each of the 5 data lakes.

Test your connection with search

  • Click the magnifying glass icon on the left pane.
  • In the search box at the top, type or click Domain equals hendersonlandworks.co.nz:

  • Note that the above example has only one connection for VirusTotal.
  • Results:

If you are receiving results, your first connection is complete!

Setting Up Additional Connections

Now that you have your first connection completed, follow a similar process to add additional data connections. See the Integrations section for additional help with other connections. If you don't see your data platform, reach out to Query's Customer Success team for assistance.