Simplify the way you search security data

Query is a federated search solution that enables you to access and get answers from your security data, wherever it is stored.
The Query federated search, data source connectivity, and data normalization platform.

Why Query Federated Search?

Visibility & Access

Security-relevant data is hard to manage and hard to use. While the ideal for some SecOps/IR programs is to centralize around their SIEM(s), the reality is that analysts often have to break context and concentration, because the path of an investigation typically requires them to hop into other tools.

Query is an API bridge to your data wherever it is, making the security data across your environment more accessible and actionable without moving it. With federated search and in-flight data normalization, Query can search and surface relevant information to analysts in real time, no matter where the data is stored. By not forcing you to pre-process data through a pipeline, or to duplicate it, Query allows security teams to:

  • Rapidly onboard data sources – and we never duplicate or store your data.
  • Search for relevant data beyond the scope of normal security tools: ERP, HRIS, and business applications.
  • Use more data, better. Query normalizes, enriches, correlates, collates, deduplicates and explores data without pipelines, SDKs, or external tools.
  • Deepen existing ROI on tools and their data by providing easy data access to analysts and operators of all skill levels.

Choice & Control

Security-relevant data volumes continue to grow, with no sign of slowing down. Whether it is the expanding cost of ingestion and storage in SIEMs, or rising compute costs in lakes, warehouses and XDRs, the cost of security grows with it, forcing tradeoffs between data availability, data currency, detection efficacy and the overall effectiveness of your security program.

Query allows data to be searched no matter where it is, without charging analysts and operators extra for compute, storage or ingestion. Query decouples IT spend from security outcomes. This includes:

  • Deploying API bridges into, and across, all of your data stores: object, lakes, SIEMs, warehouses, and directly from the source APIs.
  • Accessing archived, historical and real-time data – from event logs to CMDB entries to security findings.
  • Avoiding vendor lock-in and accelerating SecOps-related migration and transformation projects by plugging the data gaps as you go via federated search access to all relevant data stores.

Speed & Precision

When it comes to investigating an incident or threat, analysts, detection engineers, and other operators need access to data fast. Query provides both first-party connectors to security-relevant data providers and easy access to dynamic schemas such as those in Splunk indices, Snowflake, Google BigQuery and Amazon S3.

With the speed and precision that Query federated search provides, your analysts can close their OODA loop faster, your detection engineers can interdict specific threats and tradecraft more quickly than with traditional SIEMs and XDRs, and other operators gain access to the relevant data they need. Operators can:

  • Use only a single search window with visual context to provide immediate, deep understanding of the issue.
  • Pivot seamlessly into follow-on searches, all within the Query platform.
  • Add new data sources on the fly as they become relevant to an investigation, and access that data in time to support the investigation as it develops.
  • Better enable your talent and reduce the burnout that repetitive manual tasks cause for most analysts.

Get started with Query in three easy steps!

You’ll be searching your data in less than 30 minutes.

1. Create an Account & Organization

Your first Organization is usually your company, but it could also represent a team or other group.


2. Connect your Integrations

Set up Integrations, which are connections to data sources. You will need access credentials for each source, such as a URL, an API key or an auth token. Where the source supports it, use a dedicated credential scoped to read-only access to the data you intend to search, rather than an administrator's credential. Check out the available Integrations in the next section.


3. Perform your first Query!

Start typing using natural language to instantly search across all of your connected integrations!


Centralized Insights from Decentralized Data

Powerful Search

Search your data without moving it. Security data is everywhere. Centralizing and duplicating data to support the security team takes prep work, time you don't have, and a hefty budget.

Do you have data in multiple SIEMs, data lakes, cloud storage, SaaS apps, and on-prem apps?

Query gives you the power to search and get answers from your data, wherever it resides.

Take Control of Costs

Increase visibility, not your SIEM bill. Technology environments are always changing and expanding. Query gives you back choice and control over your data.

You no longer need to hold back from putting your security data to work because of rising data-related costs.

Get Accurate Answers, Fast

You have questions, we have answers. Get the answers you need in security investigations, threat hunting, and incident response. Gain context from more data sources, not just your SIEM or data lake.

Query delivers access to real-time and historical data sources to enable your team to quickly decide and act.

More Effective Teams

More insight, less cruft. Security teams need context to understand data. Building workflows and playbooks takes time and can be brittle.

Need to know which users have authenticated from an IP address? Which users or hosts have visited a domain? Who has received email from a given sender?

Query can help.
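Questions like the three above are answered by fanning one search out to every connected source and normalizing each source's native records on the way back, rather than by copying everything into one store first. The Python sketch below is an added illustration written for this page, not Query's own code or schema: it assumes three constructed sources (an identity-provider audit log, VPN syslog-style lines and a SIEM table) with made-up field names and sample events, maps each into a small shared AuthEvent schema in flight, drops the record that two stores both hold, and answers "which users have authenticated from this IP?" without moving any source data.

```python
"""
Illustrative federated search over heterogeneous sources.
Added example for this page; it is not Query's implementation.
All sample data, field names and the AuthEvent schema are constructed.
"""
from dataclasses import dataclass

# Constructed sample data standing in for three independent stores.
# Each keeps its own native field names, as real sources do.
IDP_EVENTS = [  # identity provider, JSON-style audit log
    {"actor": "alice", "client_ip": "203.0.113.7", "result": "SUCCESS", "ts": "2024-05-01T09:00:00Z"},
    {"actor": "bob", "client_ip": "198.51.100.4", "result": "SUCCESS", "ts": "2024-05-01T09:05:00Z"},
    {"actor": "alice", "client_ip": "203.0.113.7", "result": "FAILURE", "ts": "2024-05-01T09:10:00Z"},
]
VPN_EVENTS = [  # VPN concentrator, syslog-style key=value lines
    "time=2024-05-01T09:02:00Z user=carol src=203.0.113.7 action=login status=ok",
    "time=2024-05-01T09:03:00Z user=alice src=203.0.113.7 action=login status=ok",
    "time=2024-05-01T09:04:00Z user=dave src=192.0.2.9 action=login status=fail",
]
SIEM_ROWS = [  # a SIEM table (user, ip, success flag, time); first row duplicates IDP event 1
    ("alice", "203.0.113.7", 1, "2024-05-01T09:00:00Z"),
    ("erin", "203.0.113.7", 1, "2024-05-01T09:20:00Z"),
]


@dataclass(frozen=True)
class AuthEvent:
    """Minimal shared schema every source is mapped onto in flight."""
    user: str
    src_ip: str
    success: bool
    time: str
    source: str  # which connector produced the record


# One normalizer per source: native record -> shared schema.
def from_idp(rec):
    return AuthEvent(rec["actor"], rec["client_ip"], rec["result"] == "SUCCESS", rec["ts"], "idp")


def from_vpn(line):
    kv = dict(tok.split("=", 1) for tok in line.split())
    return AuthEvent(kv["user"], kv["src"], kv["status"] == "ok", kv["time"], "vpn")


def from_siem(row):
    user, ip, ok, ts = row
    return AuthEvent(user, ip, bool(ok), ts, "siem")


# One fetcher per source: the source applies the filter itself, so only
# matching native records cross the bridge and nothing is copied wholesale.
def idp_fetch(f):
    return [r for r in IDP_EVENTS if r["client_ip"] == f["src_ip"]]


def vpn_fetch(f):
    return [line for line in VPN_EVENTS if f" src={f['src_ip']} " in line]


def siem_fetch(f):
    return [r for r in SIEM_ROWS if r[1] == f["src_ip"]]


# Connector registry; a new source is added by registering another pair.
CONNECTORS = {
    "idp": (idp_fetch, from_idp),
    "vpn": (vpn_fetch, from_vpn),
    "siem": (siem_fetch, from_siem),
}


def federated_search(filters, sources=CONNECTORS):
    """Fan the filter out to each connector, normalize, dedupe, and merge."""
    seen = set()
    results = []
    for _name, (fetch, normalize) in sources.items():
        for native in fetch(filters):
            ev = normalize(native)
            key = (ev.user, ev.src_ip, ev.success, ev.time)  # ignore origin when deduplicating
            if key in seen:
                continue
            seen.add(key)
            results.append(ev)
    return sorted(results, key=lambda e: e.time)


def users_authenticated_from(ip):
    """Answer 'which users have authenticated from this IP?' across all sources."""
    return sorted({e.user for e in federated_search({"src_ip": ip}) if e.success})
```

The same fan-out and normalize step answers the other two questions by swapping the filter key and the target schema (a DNS or proxy event for "who visited a domain", a mail event for "who received email from a sender"); the point is that the sources are queried in place and only the normalized matches are merged.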
Industry Feedback

"Effective security operations require teams to answer questions quickly using data from many sources, without long onboarding times and increasing data costs. Query is purpose-built to do just that. We are delighted to invest in Query."
Janey Hoe, Vice President, Cisco Investments

"In 25 years of working with cybersecurity tools, I've never seen a bigger impact to customers in such a short time."
Tammi Hayes, President, Capital Strategies Group

"Query is an enabler of the emerging SecDataOps trend that seeks to empower security operations with enterprise-wide data and collaboration."
Tari Schreider, Strategic Advisor, Datos Insights

"Security operations is a data game. It's not just having the data, but the ability to make use of the right data when you need it. Query's ability to rapidly integrate with distributed data is a game changer for teams defending cloud and SaaS environments at scale."
Rudy Ristich, President, Capital Strategies Group

"Putting data to work is the future of security operations. Decoupling data analytics from data storage is the secret sauce. Query drastically increases our data visibility and allows us to control how we access and use data without always driving up the cost."
Troy Wilkinson, CISO, Interpublic Group
Quick & Easy API Connectors with your Cloud, SaaS, and On-Prem Technologies

We manage the APIs and put your security data to work. This list is constantly growing, so please email product(@)query.ai if you don't see your tech listed.