User Guide
Release Notes

Saved Queries

View, edit, and manage user-created and pre-built Queries

You can manage all built-in assessments and user-created Queries from the Access Search > Saved Queries page. Veza ships with hundreds of pre-built security queries, labeled based on category and use case. You can organize Saved Queries in Reports and on the main dashboard.

You can always create a copy or edit the original Query for your specific environment. To edit a saved query and customize rules and reports:

  1. Open the Access Intelligence > Saved Queries page and find a query you want to modify or operationalize.

  2. Click the query name to open it in Query Builder. You can edit the original query, or create a copy using the Save menu.

  3. Under Filters > Attributes, click Edit to modify constraints. For example, you might exclude results from test domains, or otherwise omit entities by id or another criteria.

  4. Open the Save menu and click Edit Rules. Here, you can configure alerts and notifications, triggered when the query results change.

  5. Open the Save Query > Add to Report tab to choose a report the query will be included in. You can add a new report section for organization, or use an existing one.

You can filter the entire list by a keyword, query label, or integration, and sort by column to find Saved Queries:

  • With a Risk Level

  • Created by another user or out-of-the-box queries provided by Veza

  • Attached to an Alert Rule

The Saved Query Actions dropdown menu provides options to:

  • View Query Details

  • Open the query in the Query Builder

  • Open a trend chart to visualize changes over time

  • Configure an Alert Rule for the query

  • Set a Risk Level for the query

  • Clone the query to change the name or other search parameters

  • View the query details, including the full description and search parameters

  • Delete the Query

Setting risk levels for saved queries

To enable risks for a query, find the query on the Access Visibility > Saved Queries page. Click Set Risk Level under the query options dropdown.

  • Search results are marked with a Critical or Warning label based on the risk level.

  • Entities have a Risk Level that increases based on how many queries with risks they are in the results of.

  • You can search for Risks from Authorization Graph by enabling Highlight Entities of Interest > Risks on the search sidebar.

For some queries, there can be exceptions where the heightened privilege is appropriate, or are not actionable. ‌If you need to exclude an individual entity from appearing as a risk, you can search for it on the Access Intelligence > Risks page and click Mark as Exception.

Adding alert rules for saved queries

To receive alert notifications when the results of a custom query change, pick a saved query and click Create a Rule from the options dropdown menu.

The rule builder will pre-fill with your custom query. Use the Conditions options to set triggers for notifications, and pick an optional delivery method from the list of configured notification integrations.

PreviousQuery BuilderNextFilters

Last updated