Reuse and manage saved queries

Overview

As part of the Hunters Search tool, you can save queries you’ve created for future use, share these queries with your team members, use saved queries shared by others, and more. This tool is designed to save you the time and effort of rebuilding the same search query again and again, and to let you share useful search queries with others to increase your team’s efficiency and alignment.

Reuse and manage saved queries

The query library is where saved and shared search queries are stored and managed. This library presents a list of all available search queries, whether created and saved by you or created by others and shared with you. As your library grows, it will require some upkeep and maintenance from time to time. Read on to learn how you can manage your saved queries properly.

Save a search query

Saving useful search queries is a time-saving practice, especially if you or your team are following a set of investigation SOPs or playbooks. A saved query is private and can be used only by you, unless you decide to share it.

To save a search query:

  1. Follow this procedure to create the search query.

  2. Once done, click Save this query from the upper part of the page.

  3. In the Save Query dialog box, name your search query. It’s recommended that you enter a description to help you remember the purpose of this query in the future.

  4. Under the Time Range field, determine how the time range is saved: if you want the query to always run on the specific selected dates and times, check the Save time range as exact dates checkbox. Otherwise, a relative time range (Last X) will be used (last 3 hours, last 12 hours, last 3 days, etc.).

  5. Click Save.

Use a saved search query

To save time and increase efficiency, instead of constantly building the same queries, you can load an existing saved query from the query library. This can be a query you created and saved or a query shared with you by a team member.

The query does not run automatically when selected, but rather loads on the search screen and requires you to fill in missing values and hit the Run query button.

To use a saved search query from the library:

  1. Navigate to Investigation > Search.

  2. Click Saved queries to open the query library.

  3. Locate the query you want to use and then click Select to load it onto the query section.

  4. Complete the missing values in the query and then click Run query.

Edit a saved query

Saved queries can be refined and updated, even when shared with others. You can edit the query details, the query itself, or both.

To edit a saved query:

  1. Navigate to Investigation > Search.

  2. Click Saved queries to open the query library.

  3. Locate the query you want to update and then click Select to load it onto the query section.

  4. Make changes to your query and then click Save changes from the upper part of the page.

💡 Tip

To edit only the query details (name, description, etc.), hover over the query in the library, click the options icon and then click Edit Details.


Duplicate a saved query

If you are using a saved query and want to make changes to it without overwriting the existing settings, you can duplicate it and save it as a new query. This is also useful when you don’t have permissions to edit a query shared by a team member but want to use its settings.

To duplicate a saved query:

  1. Navigate to Investigation > Search.

  2. Click Saved queries to open the query library.

  3. Locate the query you want to update and then click Select to load it onto the query section.

  4. Make changes to your query and then click Save as new from the upper part of the page.

  5. In the Save Query dialog box, name your search query. It’s recommended that you enter a description to help you remember the purpose of this query in the future.

  6. If you want the query to run on the relative time frame selected in the query settings, select the relative option from the Time range field. Select the exact dates option if you want the query to run on exact dates and times.

  7. Click Save.

Delete a saved query

You can delete only saved queries created by you, even if they are shared with others.

To delete a saved query:

  1. Navigate to Investigation > Search.

  2. Click Saved queries to open the query library.

  3. Locate the query you want to delete, click the options icon and then click Delete.

Share/unshare a query

After creating a saved query, you can share it with your team members and allow them to use it. You can also unshare it to prevent anyone else from seeing or using your query.

To share/unshare a query:

  1. Navigate to Investigation > Search.

  2. Click Saved queries to open the query library.

  3. Locate the query you want to share, and click the icon to share it with others. To unshare an already shared query, click the unshare icon.

⚠️ Attention

When you unshare a query that was created by someone else, it will immediately be removed from your view and will only be available to the query creator.