Advanced SQL Query Module
Access the Advanced SQL Query Module
- In the top menu, select Investigations. Select the investigation that contains the indicator generated by the hunting rules, or create a new investigation by clicking the New investigation button in the upper-right corner of the page. For more information, see Create an Investigation.
- In the tab menu, click the icon to open the context menu. Select Advanced SQL query. The query editor page opens. This page is divided into these sections:
  - Queries side panel (1): Enables you to access previously saved queries and the data model.
  - Advanced SQL query panel (2): Enables you to create new queries or edit previously created ones.
  - Results panel (3): Shows the results of the queries.
Required Permissions
The user account requires the Access to advanced queries permission to run SQL statements. The results that analysts get are restricted to those clients visible to their user account. See Access, Control, and Monitor the Analysis Console.