Views:

Construct powerful query strings to pinpoint the data or objects in your environment that you want to examine.

The Search app provides different search methods, filters, and a Kibana-like query language to identify, categorize, and retrieve your search results. You can automate the search process by saving search queries, configuring the Watchlist, and configuring email notifications when you find new data.
The following table outlines the actions available in the Search app (XDR Threat InvestigationSearch).
Action
Description
Enable the new Search
Turn on the toggle to use the new Search to query a variety of data sources for expanded search results.
Search for predefined threat hunting queries
Click Threat Hunting Queries to search for predefined threat hunting queries from Trend Micro and Cyborg Security based on known threats to aid you in constructing powerful search queries in your own environment.
View search history
Click Query History to display a list of previous search queries.
Click search (search=GUID-6FF43673-2DC5-4AF4-9DB1-22D4BB64FDDE=1=en-us=Low.png) to load criteria from a previous search or begin a new search. Trend Micro recommends saving search criteria that you may want to use for future queries.
Perform a search
Select a search method, specify criteria, and click Search to search for data.
  • General: Allows you to search all data from your connected products using normalized search criteria
    Tip
    Tip
    Try different search criteria and options to locate the exact data you want.
  • Advanced: Allows you to select the exact source of the data that you want to search
    Note
    Note
    • Some search methods have prerequisite settings that enable the Trend Vision One console to access data necessary for search. Hover over each data source item to view the instructions.
    • The search field criteria that automatically populates, are a direct representation of the database fields for the chosen data source.
Chat with Trend Companion
Click newCompanionIcon=GUID-20240819112525.jpg to start a conversation with Trend Companion.
Begin your prompts with Search for or Search in to have Trend Companion create search queries.
  • Click Add to Search Query to add the generated search query to the search box.
  • Trend Companion automatically selects the suggested search method when adding queries to the search box.
Save search query
After performing a search, click Save Query, specify a name, and click Save to save the current search query.
  • Saved queries only contain search criteria, not search results.
  • You can only have up to 200 saved queries.
View saved search queries
Click Saved Queries to view saved queries.
View queries in the Watchlist
Click watchlist_button=ed41c963-d16b-4c34-8e1a-7b5926521ac7.png to see all saved queries included in the Watchlist.
Select or modify search result views
Click View to select how the search results are displayed.
For more information, see Create a custom view for search results.
Import search views
Click View and select Import Views to import one or more JSON files containing search views.
Export search views
Click export_button=GUID-C683DEEE-C19C-484D-A5B1-4CA9D1794756=1=en-us=Low.jpg to export the search view to a JSON file.
Related information