Construct powerful query strings to pinpoint the data or objects in your environment that you want to examine.

The Search app provides different search methods, filters, and a Kibana-like query language to identify, categorize, and retrieve your search results. You can automate the search process by saving search queries, configuring the Watchlist, and configuring email notifications when new data is found.
The following table outlines the actions available in the Search app (XDR Threat Investigation → Search).
Search for predefined threat hunting queries
Click Threat Hunting Queries to search for predefined threat hunting queries from Trend Micro and Cyborg Security based on known threats to aid you in constructing powerful search queries in your own environment.
View search history
Click View Query History to display a list of previous search queries.
You can load criteria from a previous search and perform a new search by clicking the search icon.
Trend Micro recommends saving search criteria that you may want to use for future queries.
Perform a search
Select a search method, specify criteria, and click Search to search for data.
  • General: Allows you to search all data from your connected products using normalized search criteria
    Try different search criteria and options to locate the exact data you want.
  • Advanced: Allows you to select the exact source of the data that you want to search
    • Some search methods have prerequisite settings that enable the Trend Vision One console to access data necessary for search. Hover over each data source item to view the instructions.
    • The search field criteria that automatically populate are a direct representation of the database fields for the chosen data source.
Chat with Companion
Click the Companion icon to start a conversation with Trend Vision One - Companion.
Begin your prompts with "Search for" or "Search in" to have Companion create search queries.
  • Click Add to Search Query to add the generated search query to the search box.
  • Companion automatically selects the suggested search method when adding queries to the search box.
Save search query
After performing a search, click Save Query, specify a name, and click Save to save the current search query.
  • Saved queries only contain search criteria, not search results.
  • You can only have up to 200 saved queries.
View saved search queries
Click Saved Queries to view saved queries.
View queries in the Watchlist
Click the Watchlist button to see all saved queries included in the Watchlist.
Select or modify search result views
Click the View drop-down menu to select how the search results are displayed.
Import search views
Click the View drop-down menu and select Import Views to import one or more JSON files containing search views.
Export search views
Click the export button to export the search view to a JSON file.