Logsign SIEM comes with Mini Queries preinstalled by default. Mini Queries are small query packages used to reach a result more quickly when analyzing logs in the Logsign SIEM product. When creating a report or using the Logsign SIEM Search platform, you can use a pre-written query package for the event instead of writing multiple queries, which reduces the time and performance loss.
When you open the Settings > Data Management > Mini Queries tab from the menu bar of the Logsign SIEM web interface, you will see the query packs installed by default on Logsign SIEM. You can add new ones using the button at the end of the page.
The Name section holds the name given to the Mini Query, chosen to reflect its definition and use. The Query section holds the query that the Mini Query contains.
For example, entering the @@DatabaseConnection Mini Query in the Logsign SIEM Search platform gives you the same result as entering the query DataType:"log" Destination.Port:("1433" OR "1434" OR "3306" OR "5432" OR "1521" OR "2100" OR "2483" OR "2484").
NOTE: When using Mini Queries in Logsign SIEM, you need to put two @ signs immediately to the left of the Mini Query name.