Natural Language Search
The Natural Language Search feature translates a query prompt, entered using natural language, into Exabeam Query Language (EQL). This feature is part of Exabeam Copilot and its set of AI-driven capabilities.
Natural Language Search provides the following benefits:
- You can build complex queries without expert knowledge of the query syntax.
- You can build day-to-day queries quickly, so that you can focus on potential threats.
- You can modify the query either by editing the natural language prompt or by editing the generated query syntax.
- You can refine queries to zero in on specific aspects of the results.
Note
Natural language functionality improves with use, and Exabeam continues to extend the supported use cases. To date, AI training has emphasized the following types of use cases:
- Top X queries (example: top users during the last 7 days)
- Anomaly queries (example: anomalies for user Bob during the past month)
These types of natural language queries generate reliably accurate results. Other query use cases, which have not yet been emphasized in training, may yield less accurate search results.
If you have specific examples, or observations regarding accuracy, your feedback is appreciated.
To use the Natural Language Search feature:
On the Search home page, click the Search Mode drop-down menu under the search bar and select the Natural Language option. The search bar changes to show two lines.
In the Type your natural query line, enter your prompt in natural language. After a few seconds, the prompt is converted into query syntax and displayed in the Your query in EQL form will appear here line.
Example:
Natural Language Prompt:
top 50 users filtered by vendor Microsoft
Exabeam Query Language:
SELECT user, count(*) AS user_count WHERE vendor:"Microsoft" GROUP-BY user ORDER-BY user_count desc LIMIT 50
After your query has been built, you can still edit either the natural language prompt or the query syntax.
Select a time range for the search results by clicking the time range icon in the top left corner of the search bar. A dialog box opens where you can select a Quick or an Absolute time range.
Note
If you use a time range in your natural language prompt, such as last 24 hours, last week, or last month, the processing engine recognizes it and enters the time range automatically.
Click the Search icon to launch your query.
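To make the prompt-to-EQL mapping concrete, here is an added example that is not part of the original page and is not Exabeam Copilot's implementation (which is model-driven): a small rule-based translator for the "Top X" prompt shape shown above, which also picks up the relative time-range phrases the note mentions. The regex, the singularization rule and the hours-per-unit table are assumptions for illustration only.

```python
import re
from datetime import timedelta

# Assumed prompt grammar for the "Top X" use case: "top <N> <field>s
# [filtered by <field> <value>] [during the last <range>]".
TOP_PROMPT = re.compile(
    r"""^top\s+(?P<n>\d+)\s+(?P<field>\w+)                        # top 50 users
        (?:\s+filtered\s+by\s+(?P<ffield>\w+)\s+(?P<fval>\S+))?   # filtered by vendor Microsoft
        (?:\s+(?:during|in|over)\s+the\s+(?P<range>last\s+\w+(?:\s+\w+)?))?\s*$""",
    re.IGNORECASE | re.VERBOSE,
)

# Hours per unit for relative ranges such as "last 24 hours", "last week",
# "last month" (assumption: a month is approximated as 30 days).
HOURS_PER_UNIT = {"hour": 1, "day": 24, "week": 24 * 7, "month": 24 * 30}


def parse_time_range(phrase):
    """Turn 'last 24 hours' / 'last week' / 'last 7 days' into a timedelta, or None."""
    if not phrase:
        return None
    m = re.fullmatch(r"last\s+(?:(\d+)\s+)?(\w+?)s?", phrase.strip(), re.IGNORECASE)
    if not m or m.group(2).lower() not in HOURS_PER_UNIT:
        return None
    count = int(m.group(1) or 1)
    return timedelta(hours=count * HOURS_PER_UNIT[m.group(2).lower()])


def translate_top_query(prompt):
    """Return {'eql': ..., 'time_range': timedelta or None}, or None if unsupported."""
    m = TOP_PROMPT.match(prompt.strip())
    if not m:
        return None  # not a Top X prompt; a real system would fall back to the model
    field = m["field"].lower()
    field = field[:-1] if field.endswith("s") else field  # users -> user, hosts -> host
    alias = f"{field}_count"
    # Single-token filter values only; quoted multi-word values are out of scope here.
    where = f' WHERE {m["ffield"].lower()}:"{m["fval"]}"' if m["ffield"] else ""
    eql = (f"SELECT {field}, count(*) AS {alias}{where} "
           f"GROUP-BY {field} ORDER-BY {alias} desc LIMIT {int(m['n'])}")
    return {"eql": eql, "time_range": parse_time_range(m["range"])}


if __name__ == "__main__":
    for p in ("top 50 users filtered by vendor Microsoft",
              "top 10 hosts during the last 7 days",
              "show me everything"):
        print(p, "->", translate_top_query(p))
```

Review the generated EQL before running it, just as you would with the Copilot output: a mis-parsed field name or filter value silently changes what the search returns.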