Use the Submit Live Query Run SOAR action to start a Live Query run on the selected devices, or on the devices that are associated with the selected alerts.

• This action can be run from an alert or from a device.
• You can execute custom SQL queries using this action.
• After the successful execution of the action, details of the Live Query are visible in the related list of alerts or devices .
• For more information about Live Query, see Live Query.