Submitting a Live Query Run (SOAR Action in ServiceNow)

Use the Submit Live Query Run SOAR action to start a Live Query run on the selected devices, or on the devices that are associated with the selected alerts.

This action can be run from an alert or from a device.
You can execute custom SQL queries using this action.
After the successful execution of the action, details of the Live Query are visible in the related list of alerts or devices .
For more information about Live Query, see Live Query.