Manage Your Personal Query Library
Cortex® XDR™ provides as part of the Query Library a new Personal Library for saving and managing your own queries.
As part of the Query Library, Cortex® XDR™ provides a personal query library for saving and managing your own queries. When creating a query in XQL Search or managing your queries from the Query Center, you can save queries to your personal library. You can also decide whether a query is shared with other users on the same tenant, so that it appears in their Query Library, or kept unshared and visible only to you. In addition, you can view the queries that are shared by others (on the same tenant) in your Query Library.
The queries listed in your Query Library have different icons to help you identify the different states of the queries.
- Created by me and unshared.
- Created by me and shared.
- Created by someone else and shared.
The Query Library contains a powerful search mechanism that enables you to search in any field related to the query, such as the query name, description, creator, query text, and labels. In addition, adding a label to a query enables you to search for that query by its label in the Query Library.
To add a query to your personal query library:
- Save a query to your personal query library. You can do this in two ways.
  - From XQL Search
    - Select Investigation > Query Builder > XQL Search.
    - Select Save as > Query to Library.
  - From the Query Center
    - Select Investigation > Query Center.
    - Locate the query that you want to save to your personal query library.
    - Right-click anywhere in the query row, and select Save query to library.
- Set these parameters.
  - Query Name—Specify a unique name for the query. Query names must be unique in both private and shared lists, which includes other people’s queries.
  - Query Description—(Optional) Specify a descriptive name for your query.
  - Labels—(Optional) Specify a label that is associated with your query. You can select a label from the list of predefined labels or add your own label and then select Create Label. Adding a label to your query enables you to search for queries using this label in the Query Library.
  - Share with others—You can either set the query to be private and only accessible by you (default) or move the toggle to Share with others, so that other users on the same tenant can access the query in their Query Library.
- Click Save. A notification appears confirming that the query was saved successfully to the library, and closes on its own after a few seconds. The query that you added is now listed as the first entry in the Query Library. The query editor is opened to the right of the query.
- Other available options. As needed, you can return to the Query Library to manage your queries. Here are the actions available to you.
  - Edit the name, description, labels, and parameters of your query by selecting the query from the Query Library, hovering over the line in the query editor that you want to edit, and selecting the edit icon to edit the text.
  - Search query data and metadata—Use the Query Library’s powerful search mechanism that enables you to search in any field related to the query, such as the query name, description, creator, query text, and label. The Search query data and metadata field is available at the top of your list of queries in the Query Library.
  - Show—Filter the list of queries from the Show menu. You can filter by the Palo Alto Networks queries provided with Cortex XDR, filter by the queries Created by Me, or filter by the queries Created by Others. To view the entire list, Select all (default).
  - Save as new—Duplicate the query and save it as a new query. This action is available from the query menu by selecting .
  - Share with others—If your query is currently unshared, you can share it with other users on the same tenant, which makes it available in their Query Library. This action is only available from the query menu by selecting when your query is unshared.
  - Unshare—If your query is currently shared with other users, you can Unshare the query and remove it from their Query Library. This action is only available from the query menu by selecting when your query is shared with others. You can only Unshare a query that you created. If another user created the query, this option is disabled in the query menu.
  - Delete the query. You can only delete queries that you created. If another user created the query, this option is disabled in the query menu when selecting .