Use the following guidelines to understand which data types and fields are available for use in custom queries.
Supported Data Types
Custom queries can be run against the data types listed below. You can query any field within these data types.
- Events
- Alarms
- Vulnerabilities
- Console User Events
- System Events
Unsupported Data Types
The following data types are not supported for custom queries:
- Orchestration Rules
- Assets
- Asset Groups
- Users
- Investigations
- Pulses
Field Reference
For a complete list of fields available for querying by data type, refer to the List of Fields section.
Aggregations and Other Computation
Refer to the following guidelines as applicable:
- All aggregations and computation must be performed directly within the custom query.
- The user is NOT allowed to add any other calculations / operations within the custom query.
- To perform such analysis, generate a CSV report to export the query results and process them offline.