Reverse Demo Trial

Try Query without changing your infrastructure!

Welcome to Query’s Reverse Demo Trial! We are excited to get you started leveraging the power of federated search. In this trial environment you will have your own tenant of the Query platform.

This is your trial to get acclimated to the power of Query. You will start with a “canned” set of data connections utilizing our anonymized data to perform searches and investigations. Have fun and we welcome any feedback.

Data Sources

The Query solution will have a number of data connections preconfigured for you. They are:

  • AWS S3 Logs
    • Carbon Black
    • MS Defender
    • Crowdstrike
    • Generic Inventory
  • Splunk Logs
    • Nginx
    • Sharepoint
    • Proofpoint
  • Azure Active Directory
  • VirusTotal (using your own keys; setup instructions follow below)

These data sources give a good overview of the range of data sources a typical organization might have. We are continuously adding more data connectors, and you may already have some that we support. We encourage you to add your own.

Set Up a New Connection

Adding a threat intelligence platform like VirusTotal is a quick way to add your own data connection. Add a new connection utilizing your keys by following the VirusTotal documentation.

Running Your First Search

Now that you have all of your data sources configured, here are some sample searches:

File Hash equals

  • b5045d802394f4560280a7404af69263
  • 4e1b36182482644f5a377f3351f19118
  • 1e5ca25dab653acfb4f356f0aca42f66
  • 09350e100a4bda4a276fca6a968eb9ea
  • Or any other MD5/SHA256 hash you might have; however, for hashes that are not in the demo data you will likely receive only threat intelligence results.

IP Address equals

  • 172.16.16.10
  • 172.16.16.86
  • Any IP in the range 172.16.16.10 to 172.16.16.120
  • Any External IP address

Username or Email contains (Note that asterisks are not necessary)

  • scott
  • barbara
  • eric
  • query.ai

Hostname contains jazzfree.com
Filename contains bash

Search Time Frames

All searches should be scoped to the last week. In the search bar you will find a time frame dropdown:

Please use the “Last Week” option in this trial to ensure you get back maximum demo results.

Pivots

A powerful feature of Query’s federated search is the ability to quickly pivot to different data sources. To pivot your investigation, simply right-click any IP address, username or hash in the results.

Graph Views

For any results returned, you can simply select the graph connect view at the top of the results.

The graph views help an analyst understand how the data is connected and where the data was found in a graphical relationship.

The Summary Pane

On the right side of the results you will find the Summary:

The summary pane allows you to quickly narrow the results to the data you want. Here I am filtering for Crowdstrike Process Logs by clicking both the Platform Name and the type of Process:

You will notice that the active filter is shown at the top of the results:

You may turn off the filter by clicking the ‘X’ in the filter or by clicking the entry again in the summary pane. Feel free to explore all of the filtering options in the results.

You can also flip between the “Row View” and “Graph View” at your leisure; note that the filters persist between the views.

Configure Your Own Data Sources

Adding your own supported data sources is encouraged, and you can do so quickly from the connections page. If you need assistance setting up a connection, refer to the documentation.

Disabling or Deleting Trial Data Sources

As you add new connections, you may want to disable or delete the preconfigured trial connections. Note that if there are other users in your organization, deleting or disabling a data connection impacts all of them.

Disable Connection

To disable a connection, click the green slider next to the connection in the connections box. Disabling a connection preserves all of its keys or login information, but no results will be returned from it.

Delete Preconfigured Connections

If you wish to delete a connection, click the 3 dots on the connection, then click and hold down the connection to delete it. Once deleted, the keys or other login information are lost and cannot be recovered.

This is Your Tenant

Note that this is your tenant, and it is a full working version of the product. If you’d like to continue using the Query platform, your connections do not need to be migrated: we simply delete all of the default Reverse Demo connections and you are left with a fresh tenant.

Resources & Help

For assistance, or to read more about how Query works, read through the Query documentation.
If you need further assistance please contact your account team or [email protected].