The Query security data mesh platform

Connect your data, wherever it lives. No ingestion required.

Query puts your security data to work. 50+ connectors. Unified data model. No pipelines to build or maintain.

Security data is distributed by default.
Your SIEM holds a fraction of it.
Analysts can’t use data they can’t reach.

Platform architecture

Centralize the insights, not the data.

A platform-agnostic data layer that translates to each source’s native syntax, executes parallel queries, and returns OCSF-normalized results.

[Architecture diagram: request and response flow through the security data mesh]
Interface: Query UI, Query Splunk App, Agents / MCP, CLI
Describe search intent: platform-agnostic, common OCSF terms, common operators
Natural language · SPL · KQL · Sigma → FSQL
FSQL REST API
Query Engine
Plan & Fetch: build query plan, parallel execution
Gather: stream results, join & sort
Connectors
Request: translate syntax & operators, relationships & windowing traversal
Response: filter emulation, normalize results to OCSF

YOUR DATA SOURCES
Splunk
Microsoft Sentinel
CrowdStrike Falcon
Okta
AWS Security Lake
Snowflake
Google SecOps
Defender for Endpoint
Microsoft Entra ID
Google BigQuery
Databricks
SentinelOne
VirusTotal
ServiceNow
AWS Athena
Datadog
Falcon LogScale
Azure Log Analytics
Amazon OpenSearch
ClickHouse
Shodan
Auth0
Jamf
Microsoft Intune

Read-only: No DDL risk
No ingestion: Data stays at its source
Data model: Normalized to OCSF

Connectors

Reach your data.
No engineering required.

Static Schema Sources

50+ pre-mapped security tools.

EDR, identity, email security, threat intel. Query maps the source to the Query Data Model. No engineering work, no schema decisions.

CrowdStrike · Okta · Entra ID · Defender · SentinelOne · Auth0 · VirusTotal · Jamf · ServiceNow · More

Dynamic Schema Sources

Any SIEM, cloud bucket, or analytics platform.

Query introspects the schema, auto-discovers partitioning, and maps your data to OCSF. The mesh adapts to your data, not the other way around.

Amazon S3 · Splunk · Snowflake · BigQuery · Google SecOps · Sentinel · Databricks · ClickHouse · Amazon CloudWatch · More

50+ federated sources. The mesh evolves with your stack.

Splunk
Microsoft Sentinel
AWS Security Lake
CrowdStrike Falcon
Okta
Defender for Endpoint
Snowflake
Google BigQuery
Microsoft Entra ID
Falcon LogScale
SentinelOne
Databricks
AWS Athena
Azure Log Analytics
Microsoft Intune
Auth0
VirusTotal
AlienVault OTX
Shodan
Datadog
ServiceNow
Cribl Search
Google SecOps
Amazon Redshift
Amazon OpenSearch
ClickHouse
Microsoft Graph
GitHub
Jamf
Armis
Lacework
1Password
Azure Data Explorer

Recognized by

SINET16 Innovator Award
Cybersecurity Excellence Award Winner
Gartner Cool Vendor - Security Operations
CRN Top 10 Hottest Cloud Security Startups
Built on OCSF

See your data on the Query security data mesh.