Skip to main content
All CollectionsTemplatesBasic
Query Logs on Singularity XDR with Pagination - Workflow Template
Query Logs on Singularity XDR with Pagination - Workflow Template

This workflow serves as a function that executes a query in Singularity XDR.

Updated over 6 months ago

This workflow template is designed for threat hunting scenarios, offering the capability to execute diligent searches within Singularity XDR. By calculating time ranges and running specified queries with optional parameters, the workflow systematically spans across paginated results—fetching continued datasets until no continuationToken remains. This ensures comprehensive retrieval of all relevant log entries for a given query, bolstering security analysis and incident response efforts.

Take Me to the Template

Optional Triggers

"This workflow is intended for use as a function."

Use Cases

Function, Threat Hunting

Workflow Breakdown

  1. Calculates the end and starting time of the query.

  2. Runs a query using the filter and, if applicable, optional parameters derived from the event.

  3. Paginates over results UNTIL no 'continuationToken' is provided.

Vendors

Utils, Singularity XDR

Workflow Output

Output contains all items available for the given query on a time range.

Related Articles
Fetch New QRadar Offenses with Pagination - Workflow Template
Send Torq Audit and Activity Logs to Singularity XDR - Workflow Template
Threat Hunt for a Specified SHA1 Signature in SingularityXDR - Workflow Template
Gather QRadar Events for a Given Offense - Workflow Template
Enrich SentinelOne Threat Finding and Run Singularity XDR Search - Workflow Template
Did this answer your question?