Query.AI

Query.AI

Query.AI is a decentralized data access and analysis technology that simplifies security investigations across disparate platforms, without data duplication.

In order to use this integration you need the following:

  1. The URL of Query.AI Proxy component (see below)
  2. An email registered with Query.AI belonging to your Organization
  3. The API key associated with above email
  4. Platform Connection Details of any platform integrated via Query.AI you wish to connect to (This can be overridden while executing commands)

BASE_URL

The base URL would be of the Query.AI Proxy . Replace with hostname and port of the Query.AI Proxy component running in your environment.

Configure Query.AI on Demisto

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for Query.AI.
  3. Click Add instance to create and configure a new integration instance.
  4. Click Test to validate the URLs, email, API Key and connection.
ParameterDescriptionRequired
urlQuery.AI Proxy URLTrue
emailEmail registered with Query.AITrue
license_keyQuery.AI API KeyTrue
aliasDefault Platform Alias to retrieve dataTrue
connection_paramsDefault Connection params as JSON object. Eg - {"platform_alias":{"username":"my_username","password":"my_password"}}True
timeoutRequest Timeout (in seconds). Default value is 60 seconds but it may take longer time to retrieve data based upon your data platform.False
proxyUse system proxy settingsFalse
insecureTrust any certificate (not secure)False

Commands

You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

  1. Returns response for the query being run on Query.AI: queryai-run-query

1. queryai-run-query


Returns response for the query being run on Query.AI.

Base Command

queryai-run-query

Input
Argument NameDescriptionRequired
querySearch Query.Required
aliasPlatform Alias.Optional
connection_paramsConnection params as JSON object. Eg- {"alias":{"username":"my_username","password":"my_password"}}.Optional
workflow_paramsWorkflow params as JSON object. Eg- {"param1":"value1","param2":"value2"}.Optional
time_textSearch time period.Optional
Context Output
PathTypeDescription
QueryAI.query.resultUnknownResponse after running query.
QueryAI.query.markdown_stringStringReadable Response after running query.
Command Example

!queryai-run-query query="run workflow my_workflow" alias="my_alias" connection_params="{\"my_alias\":{\"username\":\"my_username\",\"password\":\"my_password\"}}" workflow_params="{\"param1\":\"value1\",\"param2\":\"value2\"}" time_text="search 1 year ago to now"

Context Example
{
"QueryAI": {
"query": {
"markdown_string": "### Query.AI Result for the query: run workflow my_workflow\n|agegroupbin|agegroupdesc|\n|---|---|\n| 2 | 18-19 |\n| 3 | 20-21 |\n### Click here to [see details](https://ai.query.ai/login;questions=run%20workflow%20my_workflow;alias=my_alias;queryDuration=search%201%20year%20ago%20to%20now;params=%7B%22param1%22%3A%22value1%22%2C%22param2%22%3A%22value2%22%7D;)",
"result": [
{
"agegroupbin": 2,
"agegroupdesc": "18-19"
},
{
"agegroupbin": 3,
"agegroupdesc": "20-21"
}
]
}
}
}
Human Readable Output

Query.AI Result for the query: run workflow my_workflow

agegroupbinagegroupdesc
218-19
320-21

Click here to see details


Support

For any other assistance or feedback, feel free to contact us.