Search App

Construct powerful query strings to pinpoint the data or objects in your environment that you want to examine.

The Search app provides different search methods, filters, and a Kibana-like query language to identify, categorize, and retrieve your search results. You can automate the search process by saving query criteria, creating Watchlists, and configuring email recipients when new data is found.

For more information, see Saved Queries and Watchlists.

The following table outlines the actions available in the Search app.

Action

Description

Perform a search

Select a search method, specify criteria, and click Search to start a query.

  • General: Allows you to search all data from your connected products using normalized search criteria

    Note:

    Not all products share the same database fields so you may have to try several different criteria options to locate the exact data you want.

  • Advanced: Allows you to select the exact source of the data that you want to search

    Note:

    The search field criteria that automatically populates, are a direct representation of the database fields for the chosen data source.

View search history

Click View History to open the Search History panel, which displays a list of previous searches.

You can load criteria from a previous search and perform a new search by clicking the search icon ().

Note:

Your browser saves the Search History data locally until you clear the browser cache. Trend Micro recommends saving search criteria that you may want to use for future queries.

Save search query

After performing a search, click Save query, type a name, optionally make the query Publicly available, and click Save to save the current search query.

Note:

Saving the query only saves the search criteria, not the search results. Use a saved query to find new data related to the same criteria.

View saved search queries

Click Saved Queries to open the Saved Queries panel, which displays a list of saved search queries.

  • Toggle the Publicly available control on () to allow anyone to use the query

  • Click the search icon () to display the related search criteria.

View search results

The search results area allows you to change the focus of the search data based on DATA GROUPING.

Note:

By default, the Search app only displays the Logged column in the results table. To change the default column view, see Modifying the Default Column View.
  • Search Actions
    Context menus provide additional search options that you can access during an investigation, after encountering objects or data that you want to further explore.
  • Search Syntax: Simple Search
    The Search app allows you to perform free form searches to access your Endpoint Activity Data and Detections.
  • Search Syntax: Complex Queries
    The Search app allows you to perform powerful queries to access your data across endpoint, messaging, and network products, or to focus solely on security detections.
  • Saved Queries and Watchlists
    Save queries to quickly find data, share search criteria with your team, and set automated watchlists.
  • Modifying the Default Column View
    Search profiles allow you to define the columns that display in the search results table.
  • Data Mapping Tables
Parent topic: Common Apps