How to Use the Query Library

How to Use the Query Library

Prerequisites

  • Access to the Query Library section
  • At least one integration connected

    • Accessing the Query Library

    Navigation: Sidebar → Query Library
  • Click Query Library in the sidebar.
  • The page opens with three tabs.

    • Widgets Tab

    Manage saved dashboard widgets:

  • Browse all saved widgets with search and type filtering
  • Preview widget visualizations before adding to dashboards
  • Edit existing widget queries and configurations
  • Delete widgets no longer needed
  • Add to Dashboard — select a widget and place it on any dashboard

    • Evidences Tab

    Manage evidence collection queries:

  • Browse saved evidence queries
  • Execute Evidence — run a query to collect compliance evidence
  • Edit evidence query definitions
  • Delete outdated queries

    • Evidence queries automatically collect data from connected integrations that can be used as compliance evidence across the platform.

    > Tip: Set up evidence queries for your key compliance controls. Running them regularly provides automated evidence collection for audit preparation.

    Alerts Tab

    Manage alert monitoring queries:

  • Browse saved alert configurations
  • Trigger Alerts — manually run alert queries to check for conditions
  • Edit alert thresholds and parameters
  • Delete alerts no longer needed

    • Alerts notify you when specific security conditions are met (e.g., new critical vulnerabilities, configuration drift, access anomalies).

    Troubleshooting

    IssueSolution
    Query Library is emptyNo queries have been saved yet. Create widgets or evidence queries from the Custom Widget Builder.
    Evidence execution failsVerify the source integration is active and the query references valid data tables.
    Cannot edit a queryVerify your role has the required edit permissions.
    Alert not triggeringCheck alert conditions and thresholds. Verify the underlying data source is syncing.

      • Related Articles

      • How to Set Up Alerts and Evidence Queries

        Prerequisites Access to the Query Library section At least one integration connected and syncing For Evidence Queries: knowledge of your compliance framework's control identifiers Evidence Queries Navigation: Sidebar > Query Library > Evidences Tab ...

      • Getting Started with Interno

        Prerequisites Before you begin, ensure you have: An active Zeron account with Interno access Admin or Security Analyst role assigned to your profile At least one security tool/integration ready to connect (e.g., Microsoft Defender, CrowdStrike, AWS) ...

      • How to Use the ZIN AI Copilot

        Prerequisites Access to the ZIN Copilot section At least one integration connected (for data-driven responses) Accessing the ZIN Copilot Navigation: Sidebar → ZIN Copilot Click ZIN Copilot in the sidebar. The chat interface opens with a message input ...

      • How to Use One-Click Remediation

        Prerequisites A security finding or vulnerability that needs remediation Access to ZIN Copilot Appropriate access to the target systems (for executing commands) How One-Click Remediation Works ZIN identifies a security issue (from integrations, ...

      • How to Use the Risk Register

        Prerequisites Access to the Risk Register section Understanding of your organization's risk landscape Accessing the Risk Register Navigation: Sidebar → Risk Register Click Risk Register in the sidebar. The risk list page loads showing all risks with ...