Search App

Construct powerful query strings to pinpoint the data or objects in your environment that you want to examine.

The Search app provides different search methods, filters, and a Kibana-like query language to identify, categorize, and retrieve your search results. You can automate the search process by saving search queries, configuring the watchlist, and configuring email notifications when new data is found.

Tip:

Click Open Guide to view use cases and helpful search tips.

The following table outlines the actions available in the Search app (XDR Threat Investigation > Search).

Action

Description

Perform a search

Select a search method, specify criteria, and click Search to search for data.

  • General: Allows you to search all data from your connected products using normalized search criteria

    Tip:

    Try different search criteria and options to locate the exact data you want.

  • Advanced: Allows you to select the exact source of the data that you want to search

    Note:
    • Some search methods have prerequisite settings that enable the Trend Micro Vision One console to access data necessary for search. Hover over each data source item to view the instructions.

    • The search field criteria that automatically populates, are a direct representation of the database fields for the chosen data source.

View search history

Click View History to open the Search History panel, which displays a list of previous searches.

You can load criteria from a previous search and perform a new search by clicking the search icon ().

Note:

Your browser saves the Search History data locally until you clear the browser cache. Trend Micro recommends saving search criteria that you may want to use for future queries.

Save search query

After performing a search, click Save query, specify a name, and click Save to save the current search query.

Important:
  • Saved queries only contain search criteria, not search results.

  • You can only have up to 200 saved queries.

View saved search queries

Click Saved Queries to open the Saved Queries dialog.

View queries in the watchlist

Click the Watchlist button () to see all saved queries included in the watchlist.

Modify the default column view

By default, the Search app only displays the Logged column in the results table. To change the default column view, see Modifying the Default Column View.

Import search profiles

In the Profile list, click Import profiles and select one or more JSON files containing search profiles to import search profiles.

Export search profiles

In the Profile list, hover over a search profile and click the export icon () to export the search profile to a JSON file.