Get started with XQL queries - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Documentation

Product
Cortex XSIAM
Creation date
2024-03-06
Last date published
2024-10-10
Category
Administrator Guide
Abstract

Learn more about some important information before getting started with XQL queries.

Before you begin running XQL queries, consider the following information:

  • Use the interface to help you build queries

    Cortex XSIAM offers features in the XQL search interface to help you build queries, such as field and value suggestions and query templates. For more information, see .

  • Mitigate long running queries

    Querying the XDM (Cortex Data Model) searches across all of the data Cortex XSIAM has ingested, so an unfiltered query over a wide time range can run for a long time and return far more results than you need. Restrict the time frame, select a specific dataset, and add filters as early in the query as possible so that later stages operate on a small result set. For more information, see .

  • Understand query defaults and limitations

    Before you run a query, review this list to better understand query behavior and results. For more information, see .

  • Translate Splunk queries to XQL

    If you have existing Splunk queries, you can translate them to XQL. For more information, see .
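The following is an added example, not part of the original page, that illustrates both the filtering advice above and the Splunk-to-XQL translation: a Splunk SPL query for recently spawned PowerShell processes (shown as a comment) and an equivalent XQL query that restricts the time frame and dataset first, filters early, and limits the output. The dataset name xdr_data and the field names (event_type, action_process_image_name, action_process_image_command_line, agent_hostname) are assumed for illustration; check them against the fields available in your tenant.

```xql
// Added example, not from the original page.
// Splunk SPL that we want to translate (assumed sample query):
//   index=endpoint sourcetype=sysmon EventCode=1 Image="*\\powershell.exe" earliest=-24h
//   | stats count by host, CommandLine
//   | sort -count
//   | head 100
//
// Equivalent XQL. Each stage narrows the data before the next one runs:
config timeframe = 24h                                      // limit the time range first (earliest=-24h)
| dataset = xdr_data                                        // pick one dataset instead of searching everything (index=...)
| filter event_type = ENUM.PROCESS                          // process-start events only (EventCode=1)
    and action_process_image_name = "powershell.exe"        // Image="*\\powershell.exe"
| comp count() as process_count                             // stats count by host, CommandLine
    by agent_hostname, action_process_image_command_line
| sort desc process_count                                   // sort -count
| limit 100                                                 // head 100
```

Keep the `config timeframe` and `dataset` stages at the top and put `filter` before `comp`: aggregating and then filtering forces Cortex XSIAM to scan the full dataset, while filtering first lets the aggregation run over only the matching events.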

Tip

If you are new to creating queries, you can also try our simple search templates which can help you get started in understanding how queries work. See Query Builder templates.