USM Anywhere supports advanced query capabilities, enabling you to write custom searches using Structured Query Language (SQL) or Piped Processing Language (PPL) syntax. Compared to traditional filters or orchestration rules, this feature provides more flexibility and precision, helping to uncover insights that may not be visible in standard dashboards. Key capabilities of Advanced Query include:
  • Custom Queries: Perform targeted searches across events, alarms, vulnerabilities, and more.
  • Saved Queries: Store and reuse queries for future investigations.
  • Flexible Output: View results in the USM Anywhere interface, or export them as CSV files for offline analysis.
  • Scheduled Execution: Run queries automatically on a recurring schedule. The output can be sent via email.
This enhancement gives you greater control over your data as it streamlines threat detection, reporting, and investigation workflows. This topic discusses the following: