Google Workspace - Reports API

Integrate with the Google Workspace (formerly known as G Suite) Reports API to receive information on users and their devices in your Google Workspace directory.

Updated 3 months ago


©2024 Query, All Rights Reserved.