Custom Queries

To send the query to the specified endpoints click Run Query. The results will be returned in the right pane.

Study the results and the SQL statement to learn how to edit catalog queries and write your own SQL to follow your investigation wherever it leads. You can edit the query and click Run Query again; the results will refresh.

Download

The Download function allows you to download the records of all the results of the active ad hoc query. The records retrieved using Download can be either formatted in a Comma Separated Value (CSV) file or a JavaScript Object Notation (JSON) file.

To download the active query results:

1. Click Download.

2. Select the file type, either JSON or CSV.

3. Click download is ready. This will download the ad hoc query results in a ZIP file.

More Info

• Investigation

• The Orbital Builder

• Using Queries

• Using Scheduled Queries

• Using Linked Queries