Query.AI

Query.AI#

Query.AI is a decentralized data access and analysis technology that simplifies security investigations across disparate platforms, without data duplication.

In order to use this integration you need the following:

  1. The URL of Query.AI Proxy component (see below)
  2. An account registered with Query.AI belonging to your Organization
  3. The API token associated with above account
  4. Platform Connection Details of any platform integrated via Query.AI you wish to connect to (This can be overridden while executing commands)

BASE_URL#

The base URL would be of the Query.AI Proxy . Replace with hostname and port of the Query.AI Proxy component running in your environment.

Configure Query.AI on Demisto#

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for Query.AI.
  3. Click Add instance to create and configure a new integration instance.
  4. Click Test to validate the URL, API token and connection.
ParameterDescriptionRequired
urlQuery.AI Proxy URLTrue
api_tokenQuery.AI API tokenTrue
aliasDefault Platform Alias to retrieve dataTrue
connection_paramsDefault Connection params as JSON object. Eg - {"platform_alias":{"username":"my_username","password":"my_password"}}True
timeoutRequest Timeout (in seconds). Default value is 60 seconds but it may take longer time to retrieve data based upon your data platform.False
proxyUse system proxy settingsFalse
insecureTrust any certificate (not secure)False

Commands#

You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

  1. Returns response for the query being run on Query.AI: queryai-run-query

1. queryai-run-query#


Returns response for the query being run on Query.AI.

Base Command#

queryai-run-query

Input#
Argument NameDescriptionRequired
querySearch Query.Required
aliasPlatform Alias.Optional
connection_paramsConnection params as JSON object. Eg- {"alias":{"username":"my_username","password":"my_password"}}.Optional
workflow_paramsWorkflow params as JSON object. Eg- {"param1":"value1","param2":"value2"}.Optional
time_textSearch time period.Optional
Context Output#
PathTypeDescription
QueryAI.query.resultUnknownResponse after running query.
QueryAI.query.markdown_stringStringReadable Response after running query.
Command Example#

!queryai-run-query query="run workflow my_workflow" alias="my_alias" connection_params="{\"my_alias\":{\"username\":\"my_username\",\"password\":\"my_password\"}}" workflow_params="{\"param1\":\"value1\",\"param2\":\"value2\"}" time_text="search 1 year ago to now"

Context Example#
{
"QueryAI": {
"query": {
"markdown_string": "### Query.AI Result for the query: run workflow my_workflow\n|agegroupbin|agegroupdesc|\n|---|---|\n| 2 | 18-19 |\n| 3 | 20-21 |\n### Click here to [see details](https://app.query.ai/login;questions=run%20workflow%20my_workflow;alias=my_alias;queryDuration=search%201%20year%20ago%20to%20now;params=%7B%22param1%22%3A%22value1%22%2C%22param2%22%3A%22value2%22%7D;)",
"result": [
{
"agegroupbin": 2,
"agegroupdesc": "18-19"
},
{
"agegroupbin": 3,
"agegroupdesc": "20-21"
}
]
}
}
}
Human Readable Output#

Query.AI Result for the query: run workflow my_workflow#

agegroupbinagegroupdesc
218-19
320-21

Click here to see details#


Support#

For any other assistance or feedback, feel free to contact us.