From the Scheduled Queries page, you can perform additional actions to manage your scheduled and reoccurring queries.
View Completed Queries
To view completed queries:
Select → .
Locate the scheduled query for which you want to view previous executions.
If necessary, use the Filter to reduce the number of queries returned.
Right-click anywhere in the query row, select Show executed queries, and choose whether to open the query in the same tab or a new tab.
Cortex XDR filters the queries on the Query Center and displays the results in a new window.
Edit the Query Frequency
Select → .
Locate the scheduled query that you want to edit.
If necessary, use the Filter to reduce the number of queries returned.
Right-click anywhere in the query row and then select Edit.
Adjust the schedule settings as needed, and then click OK.
Disable or Remove a Query
If you no longer need a query you can temporarily disable or permanently remove it.
Select → .
Locate the scheduled query that you want to change.
If necessary, use the Filter to reduce the number of queries returned.
Right-click anywhere in the query row and then select Remove to permanently remove the scheduled query, or Disable to temporarily stop the query from running at the scheduled time. If you disable a query you can later return to the Scheduled Queries page and Enable it.
Rename a Scheduled Query
Select → .
Locate the scheduled query that you want to change.
If necessary, use the Filter to reduce the number of queries returned.
Right-click anywhere in the query row and then select Rename.
Edit the query name as desired, and then click OK.