The mission of Query is straightforward: we help security teams use data to make better decisions, faster. Timely access to the right data is critical in security operations. Setting up that access is the work of security engineers and architects. It’s a complex, nuanced job that can either empower or impede the productivity of the broader SecOps team. Schema management and mapping data from multiple, dynamic sources can involve a lot of toil and trial and error.
Today we’re introducing Query CoPilot for Configure Schema, an enhancement to our Configure Schema feature designed to simplify and speed up schema mapping. This capability reduces complexity and shortens the time it takes to integrate new data sources with Query.
Schema Management Complexity
Security analysts and engineers face ongoing challenges with schema management. Teams must map data from many different sources, each with their own schema (or none at all), attributes, and naming conventions. Manually configuring schemas to normalize and correlate data is error-prone and can be a real pain…
Typical problems include:
- Large datasets with dozens of fields, only some of which contain data relevant to SecOps.
- Manual configurations and fragile data pipelines.
- Risk of inaccuracies in data mapping, leading to missed alerts or delays in response.
These issues directly impact the effectiveness of investigations, threat hunting and incident response in security operations.
Introducing Query CoPilot for Configure Schema
Configure Schema is an existing Query feature that provides a no-code wizard for mapping data from dynamic schema sources (such as data lakes, data warehouses, SIEMs, and log management platforms) to the Query Data Model. Query’s Data Model is based on the Open Cybersecurity Schema Framework (OCSF).
We’ve enhanced Configure Schema with Query CoPilot, an AI-driven capability that simplifies schema mapping further. CoPilot automatically recommends event class and attribute mappings, reducing manual effort and improving accuracy.
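To make the mapping concrete, here is an added illustration (not Query’s code, and not how CoPilot is implemented) of what a source-to-OCSF attribute mapping looks like once a wizard has produced it: a constructed record from a hypothetical VPN appliance is mapped to an OCSF Authentication event, and any required attribute left unmapped is reported rather than silently dropped. The OCSF class and enum values are assumed from OCSF 1.x and the sample record format is invented.

```python
import ipaddress
from datetime import datetime

# Constructed sample record from a hypothetical VPN appliance (not a real product's format).
VPN_RECORD = {"ts": "2024-05-01T12:00:00Z", "user": "alice",
              "client_ip": "203.0.113.7", "action": "login", "result": "ok"}
# Source field -> OCSF attribute path, the kind of mapping a schema wizard produces.
VPN_MAPPING = {"ts": "time", "user": "user.name", "client_ip": "src_endpoint.ip",
               "action": "activity_id", "result": "status_id"}
# Assumed OCSF Authentication (class_uid 3002) enum values; verify against your schema version.
ACTIVITY_IDS = {"login": 1, "logout": 2}  # 99 = Other
STATUS_IDS = {"ok": 1, "fail": 2}         # 99 = Other
REQUIRED = ("time", "user.name", "activity_id", "status_id")

def set_path(obj, path, value):
    """Assign value at a dotted path, creating nested objects as needed."""
    keys = path.split(".")
    for k in keys[:-1]:
        obj = obj.setdefault(k, {})
    obj[keys[-1]] = value

def get_path(obj, path):
    for k in path.split("."):
        if not isinstance(obj, dict) or k not in obj:
            return None
        obj = obj[k]
    return obj

def normalize(dst, value):
    """Convert a raw source value into the type OCSF expects for the target attribute."""
    if dst == "time":  # OCSF time is epoch milliseconds
        return int(datetime.fromisoformat(value.replace("Z", "+00:00")).timestamp() * 1000)
    if dst == "src_endpoint.ip":
        return str(ipaddress.ip_address(value))  # raises on garbage instead of storing it
    if dst == "activity_id":
        return ACTIVITY_IDS.get(value.lower(), 99)
    if dst == "status_id":
        return STATUS_IDS.get(value.lower(), 99)
    return value

def map_to_ocsf_auth(record, mapping):
    """Return (event, missing): the OCSF event plus any required attributes left unmapped."""
    event = {"class_uid": 3002, "category_uid": 3, "metadata": {"version": "1.1.0"}}
    for src, dst in mapping.items():
        if src in record:
            set_path(event, dst, normalize(dst, record[src]))
    event["type_uid"] = 3002 * 100 + event.get("activity_id", 0)
    missing = [p for p in REQUIRED if get_path(event, p) is None]
    return event, missing
```

The `missing` list is the check worth keeping in any pipeline: a mapping that drops `activity_id` or `status_id` still produces a syntactically valid event, but detections keyed on failed logons would never fire.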
Key Capabilities and Benefits of Query CoPilot
Intelligent Recommendations
Query CoPilot automatically analyzes data and provides recommended event classes and schema mappings based on identified patterns and security context.
- Faster Onboarding: Reduces the time required to integrate new data sources.
- Improved Accuracy: Helps ensure consistent, accurate mappings across all data sources.
Guided User Experience
CoPilot’s user interface is designed to simplify schema configuration:
- Intuitive Interface: Step-by-step guidance to help engineers and architects iteratively map any dynamic schema data source being connected to Query.
- Lower Complexity: Reduces the need for intimate knowledge of individual data sources.
- Efficient Workflow: Streamlines mapping tasks, letting teams spend less time configuring and more time on analysis.
See Query CoPilot for Configure Schema in Action
Check out this short demo video recorded by Jonathan Rau, VP & Distinguished Engineer, showing how CoPilot simplifies and accelerates schema mapping.
Query CoPilot for Configure Schema simplifies the process of schema mapping. By automating recommendations and minimizing manual configuration, CoPilot helps security teams integrate new data faster and get even more value out of their investment in Query Federated Search.
Existing customers should contact their Query Customer Success Manager to access the preview release of Query CoPilot for Configure Schema. Your feedback will help us continue improving the feature to address real-world security data challenges.
Learn More and see it in action: https://www.query.ai/book-a-demo/