Saved Searches
Whether using Query Language or Builder, Advanced Search queries that you and others in your organization save are available in the Saved Searches panel of Advanced Search.
Where is the Saved Searches Panel?
Select Advanced Search from the Taegis Menu and then select Saved Searches from below the Advanced Search query builder or Query Language input field.
Save an Advanced Search Query
To save an advanced search query:
- Build a search query.
- Select Save Search.
- Enter a name for the search.
- Select Save Search. It is added to the Saved Searches panel.
Note
Saved search results are retained for 29 days. However, if you are within the alerts & events retention period, described in the retention policy, then it may still be possible to find the original alerts or events by running the same search again.
View Your Saved Searches
The Saved Searches panel defaults to the My Queries view. This shows all the advanced search queries you have saved.
View All Saved Searches
You can see all the advanced search queries other users have saved in your currently selected tenant, including yours, when you select My Organization's at the top of the Saved Searches panel.
Filter Saved Searches
If you have a large number of saved searches and you’re looking for a particular one or type, enter a term in the Find Saved Searches field; the list narrows to the items that match the term you entered.
Note
The Find Saved Searches field is case sensitive.
Tip
You can enter any term or partial term from the saved search query or queries that you’re looking for. For example, if you are looking for all saved queries that use host_id, you can find them by putting host_id or even just host in the filter.
Sort Saved Searches
Sort the Saved Searches list by:
- Most Recent — (Default) Most recently run search queries
- Name — The title of the search query
- Creator — The username of the search’s creator
- Date Created — Newest to oldest search queries
Execute a Saved Search
Run a saved search by selecting the magnifying glass icon from the Saved Searches panel for the desired query.
Edit a Saved Search
To load a saved search query into your Advanced Search editor so you can modify it:
- Select the overflow menu icon for the desired query from the Saved Searches panel and then choose Load in Query Editor/Builder.
- The query displays in your Advanced Search editor. Make any changes you like.
- If you want to save your changes, select Save. This prompts you to save your query as a new saved search.
Tip
You can also edit a saved search after you have run the search, by selecting the edit icon from the top bar of the search results.
Note
You can’t overwrite another user’s saved searches. If you modify another user’s search and want to save it, you must save it as your own, new saved search.
Add a Saved Search to an Investigation
To add a saved search to an investigation:
- Select Advanced Search from the Taegis XDR menu. Advanced Search displays.
- Select Saved Searches and find the saved search you want to add to an investigation from My Queries or My Organization’s.
- Select the overflow menu icon for the desired query and then choose Create New Investigation to add the search query to a new empty investigation or Add to Investigation to add the search query to an existing investigation.
- Follow the prompts for the desired option and select Submit to add the search query.
Note
When you do this, the investigation will include a link to the original search query. Please note that this does not make a copy of the search results. It also does not make a copy of the original alert or event data and does not alter the retention policy for alerts and events.
For more information on this feature, see Link a Saved Search to an Investigation.
Data Retention Policy
Secureworks retains event and alert data for 12 months from the date the data is received. All other data concerns are covered in the Secureworks Cloud Services Interface Privacy Statement.
Delete a Saved Search
To delete a saved search query from Saved Searches:
- Select the overflow menu icon for the desired query from the Saved Searches panel and then choose Delete.
- The saved search is deleted.
Share a Saved Search
To share a saved search query with another user in your tenant:
- Select the share icon for the desired query from the Saved Searches panel and a link to the query copies to your clipboard.
- Share the copied URL with another user with access to this tenant.
Note
Anyone you share the query with must be an XDR user and have an account in the tenant the saved search is from.