Search History


The History section of Advanced Search allows you to view searches previously executed by you or other users in your organization from up to 30 days ago. Searches are automatically added to the History table upon execution.

View Search History

Note

A grayed-out entry in the table indicates the search is in progress. Update the table to refresh the contents and view the results of a pending search once it has completed.

Where is Search History?

Select Advanced Search from the Taegis Menu, and then access Search History by selecting History.

Filter Search History

If you are looking for a particular search query that was run within the last 30 days, enter a term in the Filter search history field. The table filters by any text entered in this field, including a full date in month/day/year format, such as 10/31/20.

Filter Search History

Note

The complete date and time a query was submitted appear when you mouse over an entry in the Submitted column, showing the expected syntax for filtering by date or time.

Submitted Date & Time


Sort Search History

The History table is sorted by the Submitted column by default. Select one of the other column headers to sort ascending or descending by that column's content instead.

Update Search History Table

Refresh the History table to show updated results for searches that were pending, which show as grayed out until complete, or to load new searches that may have been run in your tenant since the last time the table loaded.

Select Update above the table and the contents refresh.

Update Search History


View Query Parameters

To view the parameters for a search from the History table, select the overflow menu icon from the Actions column of the desired row and then choose Edit. The parameters load in the Advanced Search query builder. You can edit the query as desired, and save the parameters as a new Saved Search.

View Query Results

The Results column contains the number of results for Events searches, as these results remain static. For Alerts searches, the Results column contains a View link, as these results may change after a search is executed if any of the alerts have been resolved.

Select the link from the Results column to view the results.

View Query Results

Share Search Results

You can share a link to the results of an advanced search with other users in your tenant. Select the Share Search icon above the search results table, and the link to the results is copied to your clipboard.

Share Search Results


Note

Anyone you share the results link with must be an XDR user and have an account in the tenant the search is from.

 
