The Aurora Focus InstaQuery API allows users to search for system artifacts stored locally by Aurora Focus - files, registry key persistence points, processes, etc. Users can investigate incidents, or hunt for potential threats, and then take appropriate remediation actions.

InstaQuery searches are zone based; unzoned endpoints cannot be searched via InstaQuery.

The Aurora Focus InstaQuery API includes:

• Creating an InstaQuery
• Getting a list of InstaQueries in a tenant
• Getting a specific InstaQuery
• Getting the results of an InstaQuery
• Archiving an InstaQuery