Supported Data Types
Custom queries can be run against the data types listed below. You can query any field within these data types.
- Events
- Alarms
- Vulnerabilities
- Console User Events
- System Events
Unsupported Data Types
The following data types are not supported for custom queries:
- Orchestration Rules
- Assets
- Asset Groups
- Users
- Investigations
- Pulses
Field Reference
For a complete list of fields available for querying by data type, refer to the List of Fields section.
Aggregations and Other Computation
Refer to the following guidelines as applicable:
- All aggregations and computation must be performed directly within the custom query.
- The user is NOT allowed to add any other calculations / operations within the custom query.
- To perform such analysis, generate a CSV report to export the query results and process them offline.