Cloning a Chart
Viewing Query Results
The Query Result icon opens the Query Result page. The Query Result page displays a table populated with the results of the query for the chart. You can also click through to view additional details about the data for each chart.
Using our example chart, the query includes:
Query is for entity type Asset
Query is for the Current time range. By default, this means the present day through 7 days old.
Data Sources not match sepm_protection OR Data Sources not match sentinelone_agent
Therefore, when Lucidum executes the query, the results are a list of assets from the current time period that don’t use Symantec Endpoint Protection or SentinelOne.
If we click on the Query Result icon, we see:
The Query Result page displays a list of assets that don’t use Symantec Endpoint Protection or SentinelOne..
You can sort the page by the column headings.
To see additional details about an asset, click on the > icon at the end of each row.
When we go to the row for asset I-2ETGBC4FWF2C9T1JQ and click on click on the > icon, we see the following:
Notice there are two tabs: Data Source and Lucidum Data Group.
The Data Source tab display allows you to see all the data sources from which Lucidum ingested data about the asset. You can select a Data Source to see which raw data was provided by that data source.
For our example chart, we selected Tenable_Scan. You can view the data about this asset that Lucidum ingested from Tenable.
The Lucidum Data Group tab displays all the data that Lucidum stores for this asset. Lucidum ingests data from multiple data sources and uses machine learning to deduplicate and triangulate data for each asset and normalize that data.
For our example chart, from the Details page we selected the Lucidum Data Group tab and then the Asset field. We can then see what kind of information Lucidum stores under the Asset label.