Queries

Query your security data for insights

Queries help you analyze security risks by retrieving relevant data from your connected sources. Querying your data allows you to explore your security posture across different environments, detect potential threats, and uncover critical security insights.

Queries are one of the building blocks that make up an app, alongside canvases, alerts, and workflows (coming soon).

Query real-time collaboration
Query real-time collaboration

Creating queries

There are two ways to create queries:

  • Use Sola AI to ask security-related questions in natural language and generate queries automatically.

  • Write your queries from scratch using the SQL query editor.

Pro tip: Enhance your SQL queries with Sola AI

Sola AI can help you identify the right tables and columns that contain the data you need or refine SQL syntax for more accurate results.

Once created, queries can be saved, published, and modified to refine your insights over time.

Publishing queries

A query extracts a specific dataset from your connected data sources. Publishing a query saves the retrieved dataset as a table in your app. This makes the data set available across your app for:

  • Canvases - Turn query results into charts, graphs, and tables.

  • Alerts - Set up alerts based on query results.

  • Workflows (coming soon) - Automate security actions.

Managing queries

The Query Library is where you can access all queries in your app.

Queries can be:

  • Published - Available for use across the app’s building blocks—canvases, alerts, and workflows—and accessible to all app members.

  • Private drafts - Visible only to you until shared.

Public and private queries in query library
Public and private queries in query library

Queries have two modes:

  • View mode - Displays the last published version of the query.

  • Edit mode - A real-time shared draft, where multiple users can collaborate, edit together, and see changes live before publishing.

Edits are only applied and visible to all app members once published. When you publish, all changes you and others have made are published together.

In the query library, depending on your role permission, you can:

  • View all available queries in your app.

  • Create and modify queries.

  • Duplicate a query to modify it without changing the original.

  • Delete a query. Note: This action cannot be undone. Assets using the query, such as canvases or alert rules, will break or stop working.

To manage your app role permissions, go to Workspace Settings > App Permissions.

Last updated

Was this helpful?