AQL Generation and AQL Explanation
Learn about Ariel Query Language (AQL) Generation and AQL Explanation in the QRadar Investigation Assistant app release.
Generating an AQL statement (Directed workflow)
To generate an AQL statement, complete the following steps:
- Go to the IBM QRadar Investigation Assistant main page.
- Click AQL Generation.
- Describe in natural language what the AQL statement must accomplish.
- Follow up with questions about the AQL statement or the information that is provided in the explanation.
- To generate another AQL statement in the directed workflow, click the Start a new chat button.
Explaining an AQL statement (Directed workflow)
To explain an AQL statement, complete the following steps:
- Go to the IBM QRadar Investigation Assistant main page.
- Click AQL Explanation.
- Describe in natural language what the AQL statement must accomplish.
- Follow up with questions about the AQL statement or the information that is provided in the explanation.
- To explain another AQL statement in the directed workflow, click the Start a new chat button.
Query Impact Protection
Query Impact Protection appends an EXECUTIONTIMELIMIT parameter to generated AQL
queries. It is intended for users who want to run the generated AQL but are concerned
about potential risks. When the specified time limit is reached, EXECUTIONTIMELIMIT
automatically cancels the query. The time limit for the EXECUTIONTIMELIMIT parameter
is specified in milliseconds (30000 = 30 seconds).
To enable Query Impact Protection:
- Navigate to the QRadar Investigation Assistant configuration page.
- Toggle Query Impact Protection to ON.
- Set an appropriate time limit value in milliseconds, or keep the default value.
- Save your configuration.
You can disable Query Impact Protection at any time:
- Navigate to the QRadar Investigation Assistant configuration page.
- Toggle Query Impact Protection to OFF.
- Save your configuration.