Frequently Asked Questions
What does Query.AI do?
Query.AI runs as an app on top of SIEMs and log repositories like Splunk and Elastic. With Query.AI, you talk to your data in plain English. You get answers, visualizations and insights on your data. Query.AI also provides an out-of-the-box library of security questions, so you know where to start.
Today's enterprise users of IT data can be more productive and successful if they have quick and easy access to the answers and insights needed to do their jobs. Query.AI is the evolution we believe traditional enterprise interfaces need in order to make searching and investigating enterprise log data more effective. We want you to really "talk" (via voice, chat, or automated workflows) to your data platform, beyond just using traditional consoles to interact with your data.
Query.AI also provides a platform for defining and automating your investigative use-cases, and collaborating with internal / external teams over defining and managing them as workflows.
What is the deployment architecture?
Query.AI AI Analyst console (AI Console for short) runs in your browser and helps you manage and run IT / security investigations on your enterprise IT log data platform such as Splunk, Elasticsearch (ELK, SecurityOnion), and other platforms. The AI console is available as a standalone Web UI console or as an app embedded in your native log platform's UI to work seamlessly with it. There is also a desktop application version for regular users.
The AI console is served from the cloud and runs serverless. It interacts directly with log data stored in your local log platform using your platform's APIs. Beyond the API access configuration done in your log platform, no software or hardware installation is needed. Data does not move out of your current log platform to Query.AI's cloud. No external access needs to be enabled either, and no firewall changes are involved.
What log data platforms are supported? And what if I am on a different platform?
Currently we support Splunk and Elastic stack (ELK, Security Onion and other distros that bundle Elasticsearch).
Our core technology is platform-neutral and we are working to support other SIEM and log management platforms as well: ArcSight Logger, QRadar, SumoLogic, AWS CloudTrail, Azure Sentinel, and GCP-Backstory. Please let us know if you would like to partner with us to prioritize integration with one of these platforms.
We are using two log platforms from different vendors. Would Query.AI work transparently?
Query.AI is even more relevant if you have multiple log platforms, because then Query.AI can transparently and homogeneously provide answers, insights, automation and collaboration features combining results from both platforms. Data stays at its original place in your log platforms and is not copied or duplicated.
Query.AI can also act as a bridge if you are transitioning from one platform to another.
Does Query.AI work with on-prem log data or with logs that are in cloud?
Query.AI is agnostic to whether your current log / SIEM platform is on-prem or in cloud. Our current customers are a mix of on-prem and cloud environments. Query.AI accesses your log / SIEM repository via that platform's APIs, wherever you have data.
I have not yet deployed a log or SIEM platform. Can I still use Query.AI?
If you don't yet have a log platform, Query.AI will work with you to deploy the relevant Elastic stack components, starting with Elasticsearch, Logstash and Kibana. The deployment can be on-prem or in the cloud.
What are the steps to a POC?
Query.AI is easy to try and can be up in minutes. Here are the steps:
Register at https://ai.query.ai/live to obtain a free license key.
Based on your data platform, configure an account and access to the API port of your data platform. (Typically this happens inside your network, so no firewall changes are needed.) Platform-specific configuration steps are provided upon registration.
Just log in and you are up and running. Contact us to schedule a guided product walk-through online meeting in your environment.
I am now logged into Query.AI console. How do I use it?
Once you have logged in to your POC environment, you can start at the AI Console by asking questions in natural language such as “Show me all alerts from last week”, “Show me all activity from the user xxx”, “Show me all event data involving IP x.x.x.x”. Questions can be asked via voice or text. The AI console also allows direct command execution in your platform's search syntax.
Next, the AI console starts providing automated insights on your data. It also lets you capture your series of questions as investigative workflows that can be executed automatically. You can even collaborate with your partners on your investigative use-cases.
Once you are logged in, make sure to go through the intro tour videos. Next you can consult our online help documentation for more details on the features and functionality.
What about access and privacy?
Query.AI pushes its analytics and execution logic to where the data resides in your data platform. Therefore, data does not move out of your data platform, and it is never duplicated either. A subset of the data is visualized in your browser, which is entirely inside your network. Your questions are saved in the cloud without the underlying data. You control who else on your team sees your questions. Even Query.AI Support does not have access to your questions until you explicitly select and share them for support assistance.
We are MSSPs. Is Query.AI relevant for us?
Yes, absolutely. Query.AI has features especially designed for MSSPs. You can expose Query.AI as your MSSP console to your clients or embed it in your existing console. The value-adds are the plain English driven "AI Analyst", answers, insights and analytics visualizations. Query.AI console also has tools that will let you capture use-cases from customers, and then define, expand and collaborate over them. Finally, you can also show results and metrics on your collaboration.
I am an independent consultant. Is Query.AI relevant for me?
Yes, absolutely. Query.AI has features especially designed for independent cybersecurity consultants. You can partner with your clients by forming private communities and collaborating on use-cases and results. Your clients will also benefit from the easy plain-English questions, answers, insights and analytics visualizations that are available through the Query.AI interface. The Query.AI console has tools that let you capture use-cases from customers, and then define, expand and collaborate on them as "workflows". Finally, you can also show results and metrics on your work.