Get started with Query Builder templates - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Information to help you get started with Query Builder templates.

Before you start running queries with Query Builder templates, consider the following information:

  • Learn about the templates: Although the templates don’t require XQL knowledge, they do require knowledge of operators and other factors. Understanding how the templates work will help you to build effective queries. For more information, see Considerations for using Query Builder templates.

  • Look up field and alias descriptions: The templates are based on the fields and aliases in the Cortex Data Model (XDM). If you want more information about a field or alias, see the XSIAM Cortex Data Model Schema Guide.

  • Try out our examples: To help you feel confident with Query Builder templates, start by following our step-by-step examples and tailor them for your environment. For more information, see Query Builder template examples.