Newsroom
February 16, 2024 / February 26, 2024 by Query
Blogs
February 13, 2024 / February 26, 2024 by Query
ServiceNow is software for the SOC to manage incident workflow. While investigating incidents, analysts collaborate with each other using ServiceNow and capture results, actors and evidence, status, and progress information in the tool. Since it holds the organization’s incident history, ServiceNow also becomes a key data source that analysts need visibility into when they start […]
February 6, 2024 / February 26, 2024 by Query
WhoisXML API offers context for domain history. Integrating WhoisXML API with Query will allow analysts to include the following data in their search: Query’s connection to WhoisXML API can be easily enabled just by adding your API key in Query’s WhoisXML API connection configuration. See our integration documentation here. The integration is based on these […]
January 30, 2024 / January 31, 2024 by Query
Query’s integration with Auth0’s cloud identity management solution allows analysts to do the following: For example, the analyst could obtain the following context: To integrate Auth0, see the integration documentation here. The integration will normalize data pulled from Auth0 into Query’s OCSF-based QDM (Query Data Model), which then enables cross-platform joins, compounding the analyst’s ability […]
Videos, Webinars
January 24, 2024 / March 28, 2024 by Query
So, what did we learn in 2023? Join Query CEO Matt Eberhart and guest CISO Neal Bridges in this upcoming webinar as they discuss the cyber security trends from 2023 and predictions for 2024.
January 23, 2024 / January 31, 2024 by Query
Tégo Cyber, or simply Tego, is a Cyber Threat Intelligence tool that SecOps teams use inline with Amazon Security Lake and Splunk ES for enrichment based on IOCs. That allows customers to directly search for IOCs (domains, hashes, IPs, URLs) to harvest Open Source Intelligence (OSINT) and also Tego’s own Cyber Threat Intelligence (CTI) for […]
January 16, 2024 / January 17, 2024 by Query
Shodan is an Open Source Intelligence (OSINT) tool used for tracking security flaws in devices, networked hardware and software, control systems, IoT devices like security cameras, medical equipment, and other devices that are exposed via the internet. Query integrates with Shodan’s REST APIs to provide threat intelligence and enrichment. See our integration documentation here. Once […]
Videos
January 10, 2024 / March 28, 2024 by Query
With Query, data does not need to be ingested or stored in Splunk to be used in Splunk. Query is a bridge between Splunk and your data, wherever it is stored, making more data accessible and actionable within your Splunk instance. With Federated Search and in-flight data normalization, Query can add additional data to your […]
January 9, 2024 / January 17, 2024 by Query
Many organizations have logs, metrics, and security events in Datadog, including key sources like UNIX/Linux syslog and Windows Event Logs. This data is sometimes valuable to investigations and audits, but it either may not be present in the SIEM or, if it is, drives ingestion expenses and data duplication. Query integrates with Datadog using Datadog’s public […]
December 13, 2023 / December 13, 2023 by Query