The query builder extends the power of Cortex Query Language (CQL), which was initially developed to present scorecard information. The query builder allows you to leverage all of CQL's power to investigate information without building a scorecard.
Because admins and managers are the only users who have the ability to edit scorecards, these users are the only ones who can run queries that talk to third-party integrations. Standard users can run queries on custom data and anything else that exists within Cortex, while viewers cannot run queries.
You can access the query builder under Tools in the navigation bar.
Using the CQL builder
The query builder allows you to define your query with the same CQL builder available when defining scorecard rules, so you can take advantage of this feature without needing to learn CQL upfront.
Selecting CQL Builder within the CQL Search will open a modal window that guides you through building a query. First, choose an integration you want to work with.
Next, choose a rule to evaluate.
The rule that you select will determine the remaining fields that populate.
Once you’ve built your query, select Save rule to generate a CQL translation.
If you want to run a query on more than one rule, type AND into the field and select CQL Builder again.
Repeat the process of building a rule through the CQL builder.
When you click Save rule, your new rule will be appended to the existing query.
Even if you aren’t familiar with CQL, Cortex makes it easy to work with the Query Builder. You can continue adding rules through the CQL Builder until you’re ready to run the query.
CQL and custom data
The query builder is even more powerful when you write CQL expressions directly, especially because it allows you to work with custom data in Cortex. You can add custom data to any service or resource, and you can access custom data from any entity's home page. For example, you may run a vulnerability scan as part of your CI process, and then send that data to Cortex if there isn’t an available integration that can evaluate vulnerabilities.
With the query builder, you can query against any of this custom data. Anything that could possibly show up on a scorecard will display in the query builder, which allows you to essentially use Cortex as a database. Because of how Cortex has structured data, the query builder is highly accurate. In many cases, our query builder can even provide more insight than GitHub search.
Active, recent, and saved queries
Below the CQL Search, you can find Active Queries and Recent Queries.
Active Queries will display the ongoing progress of your query. Once that query completes, it will move under Recent Queries. You can also view all queries conducted in the last 30 days by navigating to the Recent tab in the menu bar.
You can open any recent query to see which services apply. To save a query, open a recent query that’s been run, and click Save query in the top right corner.
From there, you’ll name the query and enter a description, so its purpose is clear to all who view it.
Note: Only admins and managers have the ability to save and publish queries, so not all users will have access to this feature.
Just like with other features in Cortex, Saved queries will display My Queries — those created by you — and Shared Queries, those that other Cortex users have opened.
Queries are not automatically updated, but you can refresh a query at any time by selecting Refresh query on a query's page.
Results will populate as a query runs, so you can watch the list of Matching Services grow. As you apply filters to your list, Cortex will also update the number of Matching Services, so you can easily see at a glance how many services match your requirements.
The query builder gives you the precise information you need with unparalleled accuracy, and Cortex makes it incredibly easy to make sense of that information at a glance.