What it looks like when you try to shove all your data in your SIEM #SIEM #SOC #cybersecurity
Query
Security and Investigations
Atlanta, Georgia 4,588 followers
Federated Search For Security Teams
About us
Query is a federated search platform delivering a single search bar to access all your security-relevant data, wherever it is stored. The Query Federated Search Platform unlocks access to and value from cybersecurity data wherever it is stored (in the cloud, third-party SaaS, or on-prem), regardless of vendor or technology, and without requiring centralization. This leads to massive cost savings, more efficient security operations across real-time and historical data sources, and reduced security analyst ramp-up time.
- Website: https://www.query.ai
- Industry: Security and Investigations
- Company size: 11-50 employees
- Headquarters: Atlanta, Georgia
- Type: Privately Held
- Founded: 2018
Locations
- Primary: 3423 Piedmont Rd NE, Atlanta, Georgia 30305, US
Updates
Happy Fourth of July from Query! Wishing everyone a safe and stellar Independence Day! 👨🚀🚀 #fourthofjuly #teamquery
Query reposted this
Part 1: Querying Disparate Data in Splunk

For the last couple of months, we have been working on the newest release of the Query Federated Search App for Splunk. I wanted to write this educational series as a way to demonstrate the power of what we have been building and why I find importance in the work. SOC teams should pay particular attention.

The Query Splunk App enables rapid searching of cybersecurity data stored in various cloud storages, data lakes and SaaS environments other than Splunk itself, such as Amazon S3, Microsoft Defender for Endpoint, and Google BigQuery etc. To know more about the supported data sources, check out our official documentation.

This post is focused on the basic syntax needed to conduct searches across different sources via the Query platform on the Splunk dashboard. To utilize the Query App in Splunk, prepend your syntax with `| queryai`, followed by the `search` command parameter that specifies the search criteria. For example: `| queryai search="<field> = <value>"`.

There are more operators available besides equality:
1. EndsWith: `<field> = *<value>`
2. StartsWith: `<field> = <value>*`
3. Contains: `<field> = *<value>*`

Searching for a value that contains spaces requires us to include the value in quotes. Example: `| queryai search="<field> = '<a sentence or a description>'"`

Additionally, the `| queryai` command takes another optional parameter called `platforms` which accepts a CSV string. This allows you to condense your search to specific platforms of your choice. A complete example of that would be: `| queryai search="<field> = <value>" platforms="AmazonS3, MSDefender, JAMF"`

Hope you got the basic idea about the syntax and there is more to be added in the next release. 🔥 For more details you can always read our official documentation: https://lnkd.in/g6ynu8Zn

Was the post helpful? What would you like to see in the future posts? Comment down below. #federatedsearch #splunk #goquery
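As an added illustration (not code from the post or from the Query app itself), the helper below assembles a `| queryai` command from structured criteria using the wildcard placements, the single-quoting of values with spaces, and the `platforms` CSV parameter described above, and recovers the operator from a pattern; quoting a wildcard pattern that contains spaces, and refusing values that contain quote characters, are assumptions the post does not specify.

```python
from typing import Optional, Sequence, Tuple

# Wildcard placement for each operator the post lists (equality plus three wildcard forms).
WILDCARD = {
    "equals": "{v}",
    "startswith": "{v}*",
    "endswith": "*{v}",
    "contains": "*{v}*",
}


def format_value(value: str, op: str = "equals") -> str:
    """Apply the wildcard placement for `op`; single-quote the pattern if it has spaces.

    Assumption: the post only shows quoting for equality, so wrapping a wildcard
    pattern in single quotes is an assumption, not documented behaviour.
    """
    if op not in WILDCARD:
        raise ValueError(f"unknown operator: {op}")
    if "'" in value or '"' in value:
        # The post describes no escaping rule, so refuse ambiguous input.
        raise ValueError("quote characters inside values are not supported")
    pattern = WILDCARD[op].format(v=value)
    return f"'{pattern}'" if " " in value else pattern


def build_queryai(field: str, value: str, op: str = "equals",
                  platforms: Optional[Sequence[str]] = None) -> str:
    """Assemble the full SPL command, optionally restricted to a CSV list of platforms."""
    cmd = f'| queryai search="{field} = {format_value(value, op)}"'
    if platforms:
        cmd += f' platforms="{", ".join(platforms)}"'
    return cmd


def classify(pattern: str) -> Tuple[str, str]:
    """Inverse of format_value: recover (operator, bare value) from a value pattern."""
    p = pattern.strip()
    if len(p) >= 2 and p[0] == p[-1] == "'":
        p = p[1:-1]
    lead, trail = p.startswith("*"), p.endswith("*")
    op = {(False, False): "equals", (False, True): "startswith",
          (True, False): "endswith", (True, True): "contains"}[(lead, trail)]
    return op, p.strip("*")


if __name__ == "__main__":
    # Constructed sample: a contains-search for powershell across two platforms.
    print(build_queryai("process_name", "powershell", "contains", ["AmazonS3", "MSDefender"]))
```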
Hear about what data modeling for cybersecurity looks like, what OCSF is, and how it's revolutionizing how we search for security data in modern day Security Operations Teams as Query CISO Neal Bridges is joined by his good friend, Query CTO Jeremy Fisher. https://hubs.li/Q02DKsL40 #secdataopscast #ocsf #cyberinsecurity
Query reposted this
Hacker || CISO || Content Creator & Event Speaker (bookings available) || TV & Media SME (see portfolio) || "All warfare is based on deception" || Need cyber advice? Let's chat!! topmate.io/neal_bridges
SecDataOps - What is OCSF? OCSF has been really upcoming and innovative as teams move towards it for their security solutions. But how many are actually familiar with it? Let's dive in!!!
Query reposted this
Hacker || CISO || Content Creator & Event Speaker (bookings available) || TV & Media SME (see portfolio) || "All warfare is based on deception" || Need cyber advice? Let's chat!! topmate.io/neal_bridges
🗺️ Do you know how to find your Security Data??? 🗺️ Having done multiple #SIEM deployments and working with data lakes like S3 and Snowflake, being able to get to the data is super important. Before that we have to model the data. No - not like modeling it on the catwalk... we have to map it to make it searchable. There are lots of ways to do that, but about a year ago, Amazon, Splunk and others came together to try and create a standard for security data mapping. 🚶➡️ - ((#OCSF enters the room)) Let's get together and talk about what data modeling for #cybersecurity looks like, what OCSF is, and how it's revolutionizing how we search for security data in modern day Security Operations Teams, with my good friend Jeremy Fisher. Links in comments. #secdataops #secdataopscast #hacking #ciso #blueteam
Put your Amazon Route 53 DNS data to work from inside Splunk immediately. Query Federated Search App for Splunk available now at Splunkbase: https://hubs.li/Q02DpRxH0 #splunk #federatedsearch #route53