Sumo Logic

Lab 10 - Creating a Query Template for the Threat Intel Lookup

Create query templates so your team doesn't need to understand query languages to use your threat intel.

Using the same query from the previous lab, let's create a simple query template for future use. We will create a parameter in our query so we can easily input an IOC for testing.

  1. Highlight the IP address (including the double quotes) and click Create a parameter.

Image of highlighting text in the query to create a parameter for the query template.

  2. In the Manage Parameter Settings dialog box, enter a Parameter Name and Description and click Save.

Image of the parameter view.

  3. You can now use this Search Template to test any of the sample IOCs listed, or any of your own.

  4. Use the 3 vertical dots to edit or delete the parameter. Click the preview icon in the upper right corner to preview the final query.

Image of the final query preview.

  5. Lastly, don't forget to share this template with your team. Closing the query box presents only the Parameters box, making it easier for non-technical users to simply enter a parameter and get query results.
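As an added illustration (not part of the lab and not Sumo Logic's own rendering code), the Python below mimics what a parameterised template does for a non-technical user: it drops an IOC into a `{{ioc}}` placeholder as a quoted string literal, the way the quoted IP address was highlighted in step 1, and it refuses values that are not a well-formed IP, SHA-256 or domain before they reach the query. The template string, parameter name and sample IOCs are constructed for this example.

```python
import ipaddress
import re

# Constructed template; the lab's own query is not reproduced here.
# {{ioc}} stands in for the parameter created from the quoted IP address.
TEMPLATE = "_sourceCategory=firewall | where src_ip = {{ioc}} | count by src_ip"

_PLACEHOLDER = re.compile(r"\{\{(\w+)\}\}")
_SHA256 = re.compile(r"^[0-9a-fA-F]{64}$")
_DOMAIN = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}$", re.I)


def classify_ioc(value):
    """Return 'ip', 'sha256' or 'domain', or None if value is not a recognised IOC."""
    value = value.strip()
    try:
        ipaddress.ip_address(value)  # accepts IPv4 and IPv6
        return "ip"
    except ValueError:
        pass
    if _SHA256.match(value):
        return "sha256"
    if _DOMAIN.match(value):
        return "domain"
    return None


def render(template, params):
    """Substitute validated parameter values into the template as quoted literals.

    Raises KeyError for a placeholder with no value and ValueError when a value
    is not a recognised IOC, so that free-form text never lands in the query.
    """

    def substitute(match):
        name = match.group(1)
        if name not in params:
            raise KeyError(f"missing parameter: {name}")
        raw = params[name].strip()
        if classify_ioc(raw) is None:
            raise ValueError(f"{name!r} is not a recognised IOC: {raw!r}")
        # The accepted IOC forms contain no quotes or backslashes, but escape
        # defensively so the value always stays inside one string literal.
        escaped = raw.replace("\\", "\\\\").replace('"', '\\"')
        return f'"{escaped}"'

    return _PLACEHOLDER.sub(substitute, template)
```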