search

Advanced search reference guide (QUX)

This article provides guidance for using the Advanced Search feature that is part of Quadrant UX deployments.

hashtag
!! Please note that Advanced Search is only available in the Quadrant UX. If you are using the Respond UX, Advanced Investigation (the "Investigation" menu in your UI) should be used instead.

hashtag
!! Please see attachments to this KB for lists of fields available for use in Advanced Search along with a quick guide.

hashtag
General Notes

From within either of the Account, Host or Detections page clicking on ”Advanced” switches to Advanced search.

  • The search will be pre-populated with Advanced string equivalences that were set in the previous Basic Search.

  • Similar to the Basic view the search shows Search Matched reasons and supports Browser bookmarking.

  • Advance search supports “Contains” search and more targeted searches.

  • Search Suggestions provided in Search Bar with autocomplete functionality.

  • Shows up to 5 suggested values to search.

  • Shows up to 5 previous searches from the same page (you can clear your searches in your individual user. settings - note this could be a Sidekick account).

  • Shows up to 5 intial field suggestions to search. but if you scroll shows all.

  • Unlike Basic Search, <ENTER>, must be pressed for Search to be executed.

  • Date Picker is provided for fields that require a timestamp value.

hashtag
Syntax Guidance

  • Operators (supported as Upper/Lower Case)

    • AND

    • OR

    • NOT

    • Parentheses for enforcing order of operations

  • Comparisons

    • •:

    • :>

    • :>=

    • :<

    • :<=

  • Range

    • [ 1 to 100 ]

  • Value Types

    • text

    • long

    • date

      • now-28d

      • 2021-08-17T1400

    • boolean

      • True | False

hashtag
Fields Available

In addition to the attached .pdfs that show the fields available for Host, Account, or Detection data, after authenticating/logging into your Quadrant UX GUI you can construct a URL as shown below to get a current list of fields available.

  • https**:**//[your_QUX_URL]/api/app/searchSuggestions/allHosts?search=host.&size=10000

    • Index of all Host Advanced Search Fields

  • https**:**//[your_QUX_URL]/api/app/searchSuggestions/allDetections?search=detection.&size=10000

    • Index of all Detection Advanced Search Fields

  • https**:**//[your_QUX_URL]/api/app/searchSuggestions/allAccounts?search=account.&size=10000

    • Index of all Account Advanced Search Fields

hashtag
Attachments

file-pdf
147KB
Advanced_Search_Reference_Guide.pdf
PDF
arrow-up-right-from-squareOpen
file-pdf
118KB
Advanced Search - Accounts.pdf
PDF
arrow-up-right-from-squareOpen
file-pdf
157KB
Advanced Search - Hosts.pdf
PDF
arrow-up-right-from-squareOpen
file-pdf
239KB
Advanced Search - Detections.pdf
PDF
arrow-up-right-from-squareOpen
PreviousInvestigate Quick Start Guide (prior to SQL search)NextRecall custom models - how to create detections (QUX)

Last updated

Was this helpful?