Blogs
February 6, 2024 / February 26, 2024 by Query
WhoisXML API offers context for domain history. Integrating WhoisXML API with Query will allow analysts to include the following data in their search: Query’s connection to WhoisXML API can be easily enabled just by adding your API key in Query’s WhoisXML API connection configuration. See out integration documentation here. The integration is based on these […]
Read more »
January 30, 2024 / January 31, 2024 by Query
Query’s integration with Auth0’s cloud identity management solution allows analysts to do the following: For example, the analyst could obtain the following context: To integrate Auth0, see integration documentation here. The integration will normalize data pulled from Auth0 into Query’s OCSF based QDM (Query Data Model) which then enables cross-platform joins, compounding the analyst’s ability […]
Videos Webinars
January 24, 2024 / March 28, 2024 by Query
So, what did we learn in 2023? Join Query CEO Matt Eberhart and guest CISO Neal Bridges in this upcoming webinar as they discuss the cyber security trends from 2023 and predictions for 2024.
January 23, 2024 / January 31, 2024 by Query
Tégo Cyber, or simply, Tego, is a Cyber Threat Intelligence tool that SecOps teams use in-line of Amazon Security Lake and Splunk ES for enrichment based on IOCs. That allows customers to directly search for IOCs (Domains, Hashes, IPs, URLs) to harvest Open Source Intelligence (OSINT) and also, Tego’s own Cyber Threat Intelligence (CTI) for […]
January 16, 2024 / January 17, 2024 by Query | Leave a Comment
Shodan is an Open Source Intelligence (OSINT) tool used for tracking security flaws in devices, networked hardware and software, control systems, IOT devices like security cameras, medical equipment, and other devices that are exposed via the internet. Query integrates with Shodan’s REST APIs to provide threat intelligence and enrichment. See our integration documentation here. Once […]
Videos
January 10, 2024 / March 28, 2024 by Query
With Query, data does not need to be ingested or stored in Splunk to be used in Splunk. Query is a bridge between Splunk and your data, wherever it is stored, making more data accessible and actionable within your Splunk instance. With Federated Search and in-flight data normalization, Query can add additional data to your […]
January 9, 2024 / January 17, 2024 by Query | Leave a Comment
Many organizations have logs, metrics, and security events in Datadog, including key sources like UNIX/Linux syslog and Windows Event Logs. This data is sometimes valuable to investigations and audits, but either may not be present in the SIEM, or if it is, drives ingestion expenses and data duplication. Query integrates with Datadog using Datadog’s public […]
Newsroom
December 13, 2023 / December 13, 2023 by Query
December 13, 2023 / March 28, 2024 by Query
“Query is a force-multiplier for your security operations team.” Hear what IPG CISO Troy Wilkinson has to say about managing regulations and querying log sources in this quick snippet from our recent webinar.
December 6, 2023 / March 28, 2024 by Query
“Data is the future of security operations. How we access that data is the secret sauce to being successful. We need to be able to decouple where we store data and how we search data.” – IPG CISO Troy Wilkinson. Hear what all he has to say about the future of federated search for security […]
