Lab 10 - Creating a Query Template for the Threat Intel Lookup
Create query templates so your team doesn't need to understand query languages to use your threat intel.
Using the same query from the previous lab, let's create a simple query template for future use. We will create a parameter in our query so we can easily input an IOC for testing.
-
Highlight the IP address (including the double quotes) and click Create a parameter.
-
In the dialog box, enter a Parameter Name and Description and click on Save.
-
You can now use this Search Template to test any of the sample IOCs listed, or any of your own.
-
Lastly, don't forget to share this template with your team. Closing the query box allows you to only present the Parameters box, making it easier for non-technical users to simply enter a parameter and get query results.