> For the complete documentation index, see [llms.txt](https://docs.vectra.ai/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.vectra.ai/operations/analyst-guidance/advanced-search-reference-guide-qux.md).

# Advanced search reference guide (QUX)

{% hint style="info" %}
**Please Note:**

Advanced Search is only available in the Quadrant UX. If you are using the Respond UX, Advanced Investigation (the **Investigate** menu in your UI) should be used instead.

If you are unsure which UX you are using, please see: [Vectra Analyst User Experiences (Respond vs Quadrant)](/deployment/getting-started/analyst-ux-options-rux-vs-qux.md) for more information.
{% endhint %}

## General Notes

From within either of the Account, Host or Detections page clicking on ”Advanced” switches to Advanced search.

* The search will be pre-populated with Advanced string equivalences that were set in the previous Basic Search.
* Similar to the Basic view the search shows Search Matched reasons and supports Browser bookmarking.
* Advance search supports “Contains” search and more targeted searches.
* Search Suggestions provided in Search Bar with autocomplete functionality.
* Shows up to 5 suggested values to search.
* Shows up to 5 previous searches from the same page (you can clear your searches in your individual user. settings - note this could be a Sidekick account).
* Shows up to 5 intial field suggestions to search. but if you scroll shows all.
* Unlike Basic Search, \<ENTER>, must be pressed for Search to be executed.
* Date Picker is provided for fields that require a timestamp value.

## Syntax Guidance

**Operators** (supported as Upper/Lower Case)

* AND
* OR
* NOT
* Parentheses for enforcing order of operations

**Comparisons**

* •:
* :>
* :>=
* :<
* :<=

**Range**

* \[ 1 to 100 ]

**Value Types**

* text
* long
* date
  * now-28d
  * 2021-08-17T1400
* boolean
  * True | False

## Fields Available

In addition to the attached .pdfs that show the fields available for Host, Account, or Detection data, after authenticating/logging into your Quadrant UX GUI you can construct a URL as shown below to get a current list of fields available.

* https\://\[your\_QUX\_URL]/api/app/searchSuggestions/allHosts?search=host.\&size=10000
  * Index of all Host Advanced Search Fields
* https\://\[your\_QUX\_URL]/api/app/searchSuggestions/allDetections?search=detection.\&size=10000
  * Index of all Detection Advanced Search Fields
* https\://\[your\_QUX\_URL]/api/app/searchSuggestions/allAccounts?search=account.\&size=10000
  * Index of all Account Advanced Search Fields

### Attachments

{% file src="/files/7H8Qs4WOzlQyggkIobSf" %}

{% file src="/files/9iIdUszY4LzzfhK2RO7a" %}

{% file src="/files/OzXCXavK7LTxYoIGRE1H" %}

{% file src="/files/Hf4CGb9f098DqkLSaGq4" %}


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.vectra.ai/operations/analyst-guidance/advanced-search-reference-guide-qux.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.