Saved Queries and Watchlists

Save queries to quickly find data, share search criteria with your team, and set automated watchlists.

The following table outlines the actions available for saved queries.

Action

Description

Search saved queries

Type in the search field to find saved query names using partial matching.

Import and export the saved query list

Import and export the saved query list in JSON format for use with users of different Trend Micro Vision One consoles.

Note:
  • Saved queries only contain the search criteria, not the search results.

  • When importing a saved query list, the list appends to the existing saved query list and does not overwrite the existing list.

Important:

Do not modify the exported list. You cannot import improperly formatted JSON lists.

Set Watchlists

Toggle the Watchlist control on () to automate the search process and receive email notifications when matching data is found.

Watchlists automatically execute the saved query's criteria (excluding any time period) every 15 minutes on the latest data available. After finding new data matches, the Search app sends an email notification to the configured recipients in the Notifications app.

For more information, see Notifications.

Note:
  • Only applicable for “Publicly available” queries that can match data found in the Endpoint Activity or Detection Data

Share saved queries

Toggle the Publicly available control on () to allow anyone to view and execute the saved query.

Share search results

Create a link to share search results with other Trend Micro Vision One users inside your organization by clicking the Copy Link to Search Results icon ().

Important:
  • Recipients of the link must have the same access permissions to the Trend Micro Vision One console as the person who generates the link.

  • Shared search results retain the time period used when generated.

Manually execute a query

In the Action column, click the following icons to execute a query:

  • : Displays search results in the same tab.

  • : Displays search results in a new tab.

Delete saved queries

To delete a saved query, select the checkbox to the left the saved query and click Delete.

Note:

Only the person who created a saved query has permission to delete the query.