Save a Query

OctoXLabs supports a variety of asset management use cases, that can be implemented by running the right query. Read about some common use cases are described in the OctoXLabs documentation site, under the Using OctoXLabs category in the Use Cases subcategory.

Use the navigation tree and the search bar to explore the various use cases, that include, but are not limited to:

• Finding Endpoints Missing Agents

• Finding Endpoint Agents Not Functioning Correctly

• Finding Devices Not Being Scanned For Vulnerabilities

• Discovering Cloud Instances Not Being Scanned For Vulnerabilities

• Finding Unmanaged Devices

• Finding Rogue Devices On Privileged Networks

Create and Save a Query

To create and run your own query:

1. From the Devices page, click Query Wizard on the top right corner above the Devices table.

2. The popup opens enables you to add filtering expressions upon different properties of devices. You can create multiple filter expressions and decide on the logical operators between them to create complex filtering conditions.

3. For example, the expression below filters all devices which Windows is their operating system (OS Type) and such devices were seen in OctoXLabs in the last 7 days:

1. The Query Wizard consists of following elements which requires the user input to create a filter expression:

• AND/OR switch

• NOT Flag

• Source drop-down

• Field drop-down

• Operator drop-down

• Value field

• Bracket control

1. To run the query, click Search. To learn more about the Query Wizard and advanced querying, see Creating Queries with the Query Wizard.

2. To change the displayed columns, click Edit Columns on the right side of the page just above the table.

1. Pick any field from any adapter by selecting it on the top left selection. You can also narrow down the list of properties by typing into the search bar.

1. To save a new unsaved query, click Save As next to the query name. The Save as dialog opens, and you can set a name for the new saved query.

To learn more about working with saved queries, see Queries.

Modify an Existing Query

To modify a saved query:

1. Click Saved Queries on the top of search bar.

2. The Saved Queries page opens, displaying all the saved queries.

1. Search for a query and click its record to review its details.

1. Click Run Query to execute it.

Use the Query Wizard to change the query expressions or click Edit Columns to edit the query table columns. You can also:

• Rename a saved query by a single click on the query name.

• Save - Update the saved query you are working on.

• Copy - Save the query results as a new saved query.

To learn more about working with saved queries, see Queries.

To learn more about the Query Wizard elements and advanced querying, see Creating Queries with the Query Wizard.