Views:

Construct powerful query strings to pinpoint the data or objects in your environment that you want to examine.

XDR Data Explorer provides various filters along with a query language to efficiently identify, categorize, and retrieve query results. You can automate the process by saving queries, configuring the Watchlist, and configuring email notifications when you find new data.
The following table outlines the actions available in XDR Data Explorer (Agentic SIEM & XDRXDR Data Explorer).
Action
Description
Enable expanded variety of data sources
Turn on the toggle to query a variety of data sources for expanded search results.
Run queries
Select Run query from the drop-down list and specify a query to search all data from connected products.
Investigate hosts
Select Investigate host from the drop-down list and specify a hostname or IP address to efficiently hunt and monitor security threats.
Tip
Tip
You can add all of the results of your host investigation to the Host Investigation tab in the Dashboards app for further monitoring by clicking Add Host to Dashboards. To add specific data source detections, click Add to Dashboards.
Create custom filters
Click Create custom filter to create custom filters based on queries for monitoring of suspicious events. Combine multiple custom filters into custom detection models to facilitate the threat hunting process for your organization.
Search for predefined threat hunting queries
Click Threat Hunting Queries to search for predefined threat hunting queries from Trend Micro and Cyborg Security based on known threats to aid you in constructing powerful queries in your own environment.
View query history
Click Query History to display a list of previous queries.
Click search=GUID-6FF43673-2DC5-4AF4-9DB1-22D4BB64FDDE=1=en-us=Low.png to load a previous query or begin a new query. Trend Micro recommends saving queries for future use.
Chat with Trend Companion
Click newCompanionIcon=GUID-20240819112525.jpg to start a conversation with Trend Companion.
Begin your prompts with Query to have Trend Companion create queries.
  • Click Add to Query to add the generated query to the search box.
  • Trend Companion automatically selects the suggested search method when adding queries to the search box.
Save queries
After running a query, click Save Query, specify a name, and click Save.
  • Saved queries do not contain query results.
  • You can only have up to 200 saved queries.
View saved queries
Click Saved Queries to view saved queries.
View queries in the Watchlist
Click watchlist_button=ed41c963-d16b-4c34-8e1a-7b5926521ac7.png to see all saved queries included in the Watchlist.
Select or modify query result views
Click View to select how results are displayed.
For more information, see Create a custom view for query results.
Import query result views
Click View and select Import Views to import one or more JSON files containing query result views.
Export query result views
Click export_button=GUID-C683DEEE-C19C-484D-A5B1-4CA9D1794756=1=en-us=Low.jpg to export the view to a JSON file.
Related information