Videos
February 26, 2024 / March 28, 2024 by Query
How long does it take you to add a new data source to your security infrastructure? Days? Weeks? Months? We just added one in about three minutes, and we weren’t even trying to hurry. What data could you unlock by having an Athena integration like this? Noisy network data like zScaler? Huge data producers like […]
Blogs
February 22, 2024 / May 6, 2024 by Query
AWS Security Lake — VPC Flow Data via Security Lake Query’s integration with AWS VPC Flow Log via Security Lake data allows analysts to do the following: For example, the analyst could obtain the following context: To integrate AWS VPC Flow Logs, see integration documentation here. The integration will normalize data pulled from Security Lake […]
Videos Webinars
February 21, 2024 / March 28, 2024 by Query
What makes for an effective cybersecurity leader in 2024? Many companies and teams are still working remotely or in a hybrid model. And even those going into the office may find they are not working in person with others in their department. What do teams need to be effective? How can leaders navigate this environment […]
Newsroom
February 16, 2024 / February 26, 2024 by Query
February 13, 2024 / February 26, 2024 by Query
ServiceNow is software for the SOC to manage incident workflow. While investigating incidents, analysts collaborate with each other using ServiceNow and capture results, actors and evidence, status, and progress information in the tool. Since it holds the organization’s incident history, ServiceNow also becomes a key data source that analysts need visibility into when they start […]
February 6, 2024 / February 26, 2024 by Query
WhoisXML API offers context for domain history. Integrating WhoisXML API with Query will allow analysts to include the following data in their search: Query’s connection to WhoisXML API can be easily enabled just by adding your API key in Query’s WhoisXML API connection configuration. See our integration documentation here. The integration is based on these […]
January 30, 2024 / January 31, 2024 by Query
Query’s integration with Auth0’s cloud identity management solution allows analysts to do the following: For example, the analyst could obtain the following context: To integrate Auth0, see integration documentation here. The integration will normalize data pulled from Auth0 into Query’s OCSF based QDM (Query Data Model) which then enables cross-platform joins, compounding the analyst’s ability […]
January 24, 2024 / March 28, 2024 by Query
So, what did we learn in 2023? Join Query CEO Matt Eberhart and guest CISO Neal Bridges in this upcoming webinar as they discuss the cyber security trends from 2023 and predictions for 2024.
January 23, 2024 / January 31, 2024 by Query
Tégo Cyber, or simply, Tego, is a Cyber Threat Intelligence tool that SecOps teams use in-line of Amazon Security Lake and Splunk ES for enrichment based on IOCs. That allows customers to directly search for IOCs (Domains, Hashes, IPs, URLs) to harvest Open Source Intelligence (OSINT) and also, Tego’s own Cyber Threat Intelligence (CTI) for […]
January 16, 2024 / January 17, 2024 by Query
Shodan is an Open Source Intelligence (OSINT) tool used for tracking security flaws in devices, networked hardware and software, control systems, IOT devices like security cameras, medical equipment, and other devices that are exposed via the internet. Query integrates with Shodan’s REST APIs to provide threat intelligence and enrichment. See our integration documentation here. Once […]