Saved Queries
View, edit, and manage user-created and pre-built Queries
Last updated
Was this helpful?
View, edit, and manage user-created and pre-built Queries
Last updated
Was this helpful?
Use the Access Search > Saved Queries page to review and manage all queries within Veza. This includes both pre-built assessments and user-created queries composed using the .
Veza ships with hundreds of pre-built security queries, organized by integration, category, and use case. Many of these out-of-the-box queries are featured in Veza's dashboards. You can customize reports and dashboards by cloning existing queries, editing them, or creating new queries.
This flexibility enables tailoring Veza insights to your specific security needs and environment. You can use saved queries to:
Set risk levels for entities: Define , marking entities in the query results with a risk score.
Define access Review scopes: Choose a saved query when creating a to review the current query results, once or according to a schedule.
Trigger Alerts, Email Notifications, and Veza Actions: Saved queries can trigger when the results or their attribute values meet certain conditions.
Create shared reports for Veza users and teams: Create custom and .
Identify NHI, critical resources, and privileged roles: Define to mark saved query results as privileged roles, human or non-human identities, or set the criticality level of resources that meet the query conditions.
Export Results: Download or schedule result exports in CSV format, by email or to an integrated .
On the Saved Queries page, use the Actions button to the right of each query to choose from available actions, which include:
Manage Rules: Define and edit for the query.
View Alerts: Review alert details for the query.
Schedule Export: Configure for the query.
Set Risk Level: Define a for the query.
Clone: Create a copy of the query.
Delete: Remove the query.
Open in Query Builder: Edit the query.
Editing saved queries allows you to refine and customize your security assessments as your environment evolves, and ensure that your security insights remain relevant and accurate over time. You might edit a query to:
Adjust filters to include or exclude specific entities
Modify the query scope as new integrations are added
Update risk levels or alert conditions
Fine-tune the query for better performance or more targeted results
To edit a saved query:
Open the Access Intelligence > Saved Queries page and find a query you want to edit or act on.
Make any changes and click Save to finish saving the query.
Use the Query Builder Save menu to perform specific actions for the query:
Quick Save: Quickly save any new filters without changing other settings.
Save as New: Copy this query to modify it while preserving the original.
View Details: Show configuration details and metadata for this saved query.
Edit Configuration: Modify the basic settings of this query, such as name, description, and visibility.
Edit Rules: Configure or modify alert rules associated with this query.
Edit Reports: Add this query to reports or remove it from reports it's currently part of.
Export to CSV: Download the current query results as a comma-separated values (CSV) file.
Export to Snowflake: Send the query results to a connected Snowflake database.
Schedule Export: Set up an automated, recurring export of this query's results.
Copy Query Spec API: Copy the API specification for this query for use with the Veza Query Builder API.
View Query Spec API: Display the API specification for this query for reference or debugging.
Veza offers different ways to view and analyze saved query results, each suited to different use cases.
We recommend starting with the Query Details view for a quick, accessible overview of your results. From there, you can dive deeper into other views as needed for more detailed analysis.
You can access each view using the Actions menu on the Saved Queries page:
Query Details: A simplified view of your query results, ideal for:
Quick overviews of key findings
Reviewing trends and changes over time
Accessing associated risks, rules, and reports
Query Builder: A comprehensive, tabular view of results and query editor. Use this when you need to:
Perform detailed analysis of all entity attributes
Apply additional filters or modify the query
Export granular data for further processing
Graph: A visual representation of entities and their relationships. This view is best for:
Understanding complex access paths
Identifying indirect or unexpected connections
Exporting a clear picture of your security posture for stakeholders
Trend Chart: Shows changes in query results over time. Use this to:
Track the effectiveness of security measures
Identify patterns or anomalies in access behaviors
Generate visual reports for compliance and auditing purposes
Assigning risk levels to saved queries can help prioritize security efforts and enhance visibility into your organization's risk landscape. By doing so, you:
Highlight critical security issues that require immediate attention
Provide context for decision-making during access reviews
Enable risk-based reporting and tracking of security improvements over time
Facilitate communication about security priorities across teams and to leadership
Automate risk-based alerting and response workflows
This risk-based approach allows you to focus resources on the most significant threats to your organization's security posture, making your security operations more efficient and effective.
Find the query on the Access Visibility > Saved Queries page.
Expand the Actions dropdown menu and click Set Risk Level.
Use the dropdown menu to set the risk level to None, Low, Medium, High, or Critical.
Click Save.
Defining custom risks using saved queries can help reviewers make decisions during access reviews, track risk burndown, and provide visibility into your most critical identities, access controls, services, and resources.
Adding rules to saved queries enables automated monitoring and response to changes in your security posture. By creating rules, you can:
Get notifications when critical access patterns change
Automate the creation of access reviews for specific conditions
Trigger remediation workflows when potential risks are detected
Maintain continuous compliance with internal policies and external regulations
Rules transform static queries into dynamic security controls, helping you proactively manage access risks.
To assign rules to a saved query:
Choose Manage Rules from the actions dropdown menu.
Click Add New Rule.
Details: Give the rule a name, description, and severity level for categorizing the rule.
Conditions: Trigger the alert based on changes in the query results, or when results have specific properties (often referred to as attributes).
Action | Send Alert: Create alerts shown on the Access Intelligence > Rules & Alerts page, and optionally them using Veza Actions.
Click on the query name to edit it in .
To enable for a query:
After defining a risk using a saved query, entities in the results will be assigned a "Low", "Medium", "High", or "Critical" risk score. The varies depending on how many queries with risks an entity is in the results of.
Use the to define the alert details, conditions, and actions. See for more information about configuring emails, integrations, and webhooks as targets.
Action | Create Review: Start a new from an existing review .
