Queries

Queries help you analyze security risks by retrieving relevant data from your connected sources. Querying your data allows you to explore your security posture across different environments, detect potential threats, and uncover critical security insights.

Queries are one of the building blocks that make up an app, alongside canvases, alerts, and workflows (coming soon).

Creating queries

There are two ways to create queries:

• Use Sola AI to ask security-related questions in natural language and generate queries automatically.

• Write your queries from scratch using the SQL query editor.

Once created, queries can be saved, published, and modified to refine your insights over time.

Publishing queries

A query extracts a specific dataset from your connected data sources. Publishing a query saves the retrieved dataset as a table in your app. This makes the data set available across your app for:

• Canvases - Turn query results into charts, graphs, and tables.

• Alerts - Set up alerts based on query results.

• Workflows (coming soon) - Automate security actions.

Managing queries

The Query Library is where you can access all queries in your app.

Queries can be:

• Published - Available for use across the app’s building blocks—canvases, alerts, and workflows—and accessible to all app members.

• Private drafts - Visible only to you until shared.

Queries have two modes:

• View mode - Displays the last published version of the query.

• Edit mode - A real-time shared draft, where multiple users can collaborate, edit together, and see changes live before publishing.

In the query library, depending on your role permission, you can:

• View all available queries in your app.

• Create and modify queries.

• Duplicate a query to modify it without changing the original.

• Delete a query. Note: This action cannot be undone. Assets using the query, such as canvases or alert rules, will break or stop working.