Access the Research Capability
To access the Research capability you must be a full administrator or analyst. The analyst role can be either of the following:
- Analyst - full access to research capabilities. Analysts can implement policy changes based on research outcomes and manage saved research queries for team use in addition to personal use.
-
Read-Only Analyst - read-only access to research capabilities. Can perform queries and manage saved research queries for personal use only.
You can access the Research capability in these ways:
- Directly by clicking Research on the console Navigation panel. You open the main research query page where you can begin building a query using the Lookout Query Language editor. This is useful for threat hunting; for example, finding apps based on specific behaviors such as apps that access the device camera or pictures from a gallery, apps produced by the same author, or that use or expose a device’s IMEI or other sensitive parameters.
- Use the Research shortcut from the console Apps page summary view of a selected app version, which opens the full Research analysis for that app. This approach is useful when you want the full details for a specific mobile app version; for instance, during an incident response workflow.