1. Boot Windows into Safe Mode or the Windows Recovery Environment.
2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory.
3. Locate and delete the file matching “C-00000291*.sys”.
4. Boot the host normally. 🙃
Query
Security and Investigations
Atlanta, Georgia · 4,609 followers
Federated Search For Security Teams
About us
Query is a federated search platform delivering a single search bar to access all your security-relevant data, wherever it is stored. The Query Federated Search Platform unlocks access to and value from cybersecurity data wherever it is stored (in the cloud, third-party SaaS, or on-prem), regardless of vendor or technology, and without requiring centralization. This leads to massive cost savings, more efficient security operations across real-time and historical data sources, and reduced security analyst ramp-up time.
- Website: https://www.query.ai
- Industry: Security and Investigations
- Company size: 11-50 employees
- Headquarters: Atlanta, Georgia
- Type: Privately Held
- Founded: 2018
Locations
- Primary: 3423 Piedmont Rd NE, Atlanta, Georgia 30305, US
Updates
- STOP 🛑 Do Not Pass Go 🟢 Do Not Collect $200 💵 Do Not Ingest your VPC Flow Logs into #Splunk. Here's Why:
  Query + Splunk Dashboard: Investigating/Hunting potentially malicious traffic. Network Flow data is critical to security investigators and hunters in helping to identify potentially malicious traffic. In this dashboard we can look at resources in particular AWS regions and analyze this data to try and zero in on malicious activity. In this case, VPC Flow Logs are being stored in more efficient cloud storage (#AmazonSecurityLake) and being visualized in Splunk through a single line of SPL that invokes the Query Federated Search App for Splunk:
  | queryai search="ip = YOUR IP HERE" platforms="AWS_SecLake_VPC_Flow" | spath input=_raw
  Want to see what else you can do? #splunkbase #federatedsearch #soc
- "The rule says play it where it lies..." What are the parallels between golf and cybersecurity? Hear Query CISO Neal Bridges' take on this and more in his interview on In the Hot Seat with Dazz. Check out the full episode here: https://hubs.li/Q02GNsZj0 #cybersecurity #ciso #playitwhereitlies
- ☝️ SOC Manager #1: Hey — we’re having a problem keeping track of the alerting and assignment of incidents once they’re escalated. Can we use some sort of automation to keep it together?
  🤔 SOC Analyst #1: I thought we let Microsoft Security take care of that for us with Defender 365?
  🤨 SOC Analyst #2: Wait — don’t we have to wait for them to be pushed into our ITSM tool? I thought that is what we bought it for?
  🙄 SOC Engineer #1: First off, *we* didn’t buy it, the Central IT Ops team did. Secondly, I thought we were managing Incidents in Microsoft Sentinel to use their native automation.
  🤓 SOC Engineer #2: Folks, with our M365 E5 License we can start to forward all of our Defender alerting and incidents into Sentinel alongside our existing analytics rules and connectors. We can have all the Incidents being assigned there.
  😰 SOC Manager #1: Okay, but how do we keep track of them and get visibility back into the other environments for our investigations?
  🧠 SOC Engineer #2: Wait, can’t we connect Query Federated Search to Sentinel? That would let us retrieve all Incidents and related Alerts, see who is assigned to them, and pivot across our other data sources using federated search.
  🤯 SOC Manager #1: Well that sounds a whole lot better!
  Read more:
- Headed to #BlackHat2024? Let us know! Let's talk #federatedsearch
- Building a modern security team in today's world requires special considerations — especially given how big the data challenges are today. Let's dive into how you go about building a security team in a data-diverse world. Check out the fifth installment of the #SecDataOpsCast with Query CISO Neal Bridges and ALS Global Information Security Director John Moore! Want to listen on the go? Search for SecDataOpsCast on your podcast platform of choice! https://hubs.li/Q02GnJQ00 #secdataops #cyberinsecurity #ciso
- Security teams try incredibly hard to be a business enabler. Unfortunately, downtime due to an incident can be an absolute business killer. This makes Mean Time to Respond/Repair/Recover/Resolve a metric with some real $$ behind it. How much time is your team wasting pivoting across tools and systems to get to relevant security data in critical moments? Do you know what it’s costing you? #cybersecurity #incidentresponse #soc #friends
- Join Neal Bridges and 🔹John M. for a discussion around Building a Modern Security Team in a Data Diverse World. #SecDataOpsCast starts in one hour! #secdataops #cyberinsecurity #ciso
- Join Query CISO Neal Bridges and Global Information Security Specialist at ALS 🔹John M., as they discuss the strategies and pitfalls of building a modern security team in a data-diverse world. Tune in tomorrow at 3:00p ET here or on your favorite streaming platform! #secdataops #secdataopscast #cyberinsecurity
- Query reposted this:
  You may have seen us talk a lot about #AmazonSecurityLake and the great benefits that it can bring, but how can it help your organisation? This comprehensive #UserGuide explains all. If you have experience with #AmazonSecurityLake and have implemented it in your organisation, how has it helped your business? Let us know in the comments below. Find out more ⬇⬇ https://lnkd.in/dZYQwNgr
  Simon Johnson, Lawrence McEwen, Peter Vorley
  Linked: "What is Amazon Security Lake?" (docs.aws.amazon.com)