How to Use the Query Library

How to Use the Query Library

Prerequisites

  • Access to the Query Library section
  • At least one integration connected

    • Accessing the Query Library

    Navigation: Sidebar → Query Library
  • Click Query Library in the sidebar.
  • The page opens with three tabs.

    • Widgets Tab

    Manage saved dashboard widgets:

  • Browse all saved widgets with search and type filtering
  • Preview widget visualizations before adding to dashboards
  • Edit existing widget queries and configurations
  • Delete widgets no longer needed
  • Add to Dashboard — select a widget and place it on any dashboard

    • Evidences Tab

    Manage evidence collection queries:

  • Browse saved evidence queries
  • Execute Evidence — run a query to collect compliance evidence
  • Edit evidence query definitions
  • Delete outdated queries

    • Evidence queries automatically collect data from connected integrations that can be used as compliance evidence across the platform.

    > Tip: Set up evidence queries for your key compliance controls. Running them regularly provides automated evidence collection for audit preparation.

    Alerts Tab

    Manage alert monitoring queries:

  • Browse saved alert configurations
  • Trigger Alerts — manually run alert queries to check for conditions
  • Edit alert thresholds and parameters
  • Delete alerts no longer needed

    • Alerts notify you when specific security conditions are met (e.g., new critical vulnerabilities, configuration drift, access anomalies).

    Troubleshooting

    IssueSolution
    Query Library is emptyNo queries have been saved yet. Create widgets or evidence queries from the Custom Widget Builder.
    Evidence execution failsVerify the source integration is active and the query references valid data tables.
    Cannot edit a queryVerify your role has the required edit permissions.
    Alert not triggeringCheck alert conditions and thresholds. Verify the underlying data source is syncing.

      • Related Articles

      • How to Set Up Alerts and Evidence Queries

        Prerequisites Access to the Query Library section At least one integration connected and syncing For Evidence Queries: knowledge of your compliance framework's control identifiers Evidence Queries Navigation: Sidebar > Query Library > Evidences Tab ...

      • Troubleshooting Common Issues in Interno

        This guide covers common issues in Interno (the Zeron Command Center) and how to resolve them. Login & Permissions Many "I can't see/do X" issues are missing permission scopes (Interno scopes use the defence: prefix). A user without the required ...

      • Getting Started with Interno

        Prerequisites Before you begin, ensure you have: An active Zeron account with Interno access Admin or Security Analyst role assigned to your profile At least one security tool/integration ready to connect (e.g., Microsoft Defender, CrowdStrike, AWS) ...

      • How to Use the ZIN AI Copilot

        Prerequisites Access to the ZIN Copilot section At least one integration connected (for data-driven responses) Accessing the ZIN Copilot Navigation: Sidebar → ZIN Copilot Click ZIN Copilot in the sidebar. The chat interface opens with a message input ...

      • How to Use the Endpoint Comparison Matrix

        The Endpoint Comparison Matrix shows which of your connected security tools "see" each asset — so you can spot coverage gaps (for example, a device known to Active Directory but missing from your EDR). It lives inside Asset Inventory. What you'll ...