Simplify the way
you search security data

Query is a federated search solution that enables you to
access and get answers from your security data — wherever it is stored.
The Query federated search, data source connectivity, and data normalization platform.

Why Query Federated Search?

Visibility & Access

Security-relevant data is hard to manage and hard to use. While the ideal for some SecOps/IR programs is to centralize around their SIEM(s), the reality is that analysts often have to break context and concentration as the path of an investigation typically requires them to hop into other tools.

Query is an API bridge to your data wherever it is, making the security data across your environment more readily accessible and actionable regardless of its location. With Federated Search and in-flight data normalization, Query can search and surface relevant information to analysts in real-time, no matter where the data is stored. By not forcing you to use a pipeline to pre-process data, or to duplicate data, Query allows security teams to:

  • Rapidly onboard data sources – and we never duplicate or store your data.
  • Search for relevant data beyond the scope of normal security tools: ERP, HRIS, and business applications.
  • Use more data, better. Query normalizes, enriches, correlates, collates, deduplicates and explores data without the usage of pipelines, SDKs, or external tools.
  • Deepen existing ROI on tools and their data by providing easy data access to analysts and operators of all skill levels.
Choice & Control

Security-relevant data volumes continue to increase, with no sign of slowing down. Whether it is expanding costs of ingestion and storage in SIEMs, or increasing compute costs in lakes, warehouses and XDRs – the cost of security is steadily increasing too, leading to tradeoffs between data availability, currency, detection efficacy and the overall effectiveness of your security program.

Query allows data to be searched no matter where it is, without charging analysts and operators extra for compute, storage or ingestion. Query deconflicts IT spend from achieving security outcomes. This includes:

  • Deploying API bridges into, and across, all of your data stores: object, lakes, SIEMs, warehouses, and directly from the source APIs.
  • Accessing archived, historical and real-time data – from event logs to CMDB entries to security findings.
  • Avoiding vendor lock-in and accelerating SecOps-related migration and transformation projects by plugging the data gaps as-you-go via federated search access to all relevant data stores.
Speed & Precision

When it comes to investigating an incident or threat, analysts, detection engineers, and other operators need access to data – fast. Query is unparalleled here, providing both first party connectors to security-relevant data providers and easy access to dynamic schemas such as those in Splunk indices, Snowflake, Google BigQuery and Amazon S3.

With the combination of speed & precision that Query federated search provides, your analysts can close their OODA Loop faster, your detection engineers can interdict distinct threats and tradecraft quicker than traditional SIEMs and XDRs, and all other operators can benefit from gaining access to all the relevant data they ever need. Operators can:

  • Use only a single search window with visual context to provide immediate, deep understanding of the issue.
  • Pivot seamlessly into follow on searches all within the Query platform.
  • As new data sources are identified as relevant to your investigation, add them on the fly, accessing new data in time to support your investigation as it develops.
  • Better enable your talent and reduce the burnout most analysts experience as a result of repetitive manual task fatigue.

Get started with Query in
three easy steps!

You’ll be searching your data in less than 30 minutes.


Create an
Account & Organization

Your first Organization is usually your company, but it could also represent a team or other group.

query platform signup


Connect your

Set up Integrations, which are connections to data sources. You will need your access credentials, which could be URL, API keys, auth tokens, etc. Check out the available Integrations in the next section.

query platform integrations


Perform your
first Query!

Start typing using natural language to instantly search across all of your connected integrations!

query federated search app for splunk

Industry Feedback

To top