White Papers

		[{"id":4781,"link":"https:\/\/www.query.ai\/wp-content\/uploads\/2026\/02\/Query_Rethinking-Your-Security-Data-Operating-Model.pdf","name":"rethinking-your-security-data-operating-model","thumbnail":{"url":"https:\/\/www.query.ai\/wp-content\/uploads\/2026\/02\/SDO-Whitepaper.png","alt":""},"title":"Rethinking Your Security Data Operating Model","postMeta":[],"author":{"name":"Query","link":"https:\/\/www.query.ai\/resources\/author\/query\/"},"date":"Feb 10, 2026","dateGMT":"2026-02-10 13:30:40","modifiedDate":"2026-02-10 08:30:42","modifiedDateGMT":"2026-02-10 13:30:42","commentCount":"0","commentStatus":"open","categories":{"coma":"<a href=\"https:\/\/www.query.ai\/resources\/category\/white-papers\/\" rel=\"category tag\">White Papers<\/a>","space":"<a href=\"https:\/\/www.query.ai\/resources\/category\/white-papers\/\" rel=\"category tag\">White Papers<\/a>"},"taxonomies":{"post_tag":""},"readTime":{"min":2,"sec":19},"status":"publish","content":"This paper explores how everyday data decisions quietly shape detection, investigation, response, & AI efforts, and why high\u2011performing teams have settled on a different way"},{"id":4774,"link":"https:\/\/www.query.ai\/wp-content\/uploads\/2026\/02\/SDO-White-Paper.pdf#new_tab","name":"ai-readiness-what-sdo-enables","thumbnail":{"url":"https:\/\/www.query.ai\/wp-content\/uploads\/2026\/02\/SDO-white-paper.png","alt":""},"title":"Security Data Operations Assessment & Strategy Guide","postMeta":[],"author":{"name":"Query","link":"https:\/\/www.query.ai\/resources\/author\/query\/"},"date":"Feb 5, 2026","dateGMT":"2026-02-05 12:35:50","modifiedDate":"2026-02-10 09:25:19","modifiedDateGMT":"2026-02-10 14:25:19","commentCount":"0","commentStatus":"open","categories":{"coma":"<a href=\"https:\/\/www.query.ai\/resources\/category\/white-papers\/\" rel=\"category tag\">White Papers<\/a>","space":"<a href=\"https:\/\/www.query.ai\/resources\/category\/white-papers\/\" rel=\"category tag\">White Papers<\/a>"},"taxonomies":{"post_tag":""},"readTime":{"min":1,"sec":58},"status":"publish","content":"This white paper provides a practical guide to assessing security data operations and developing a phased strategy to build a scalable foundation for modern security"},{"id":4531,"link":"https:\/\/www.query.ai\/wp-content\/uploads\/2025\/10\/QWP-08_Security-Data-Lake-on-Amazon-S3.pdf#new_tab","name":"qwp-08_security-data-lake-on-amazon-s3","thumbnail":{"url":"https:\/\/www.query.ai\/wp-content\/uploads\/2025\/10\/2025-10-29_SecDataLake-WP.png","alt":"Building Security Data Lakehouse S3 Whitepaper thumbnail"},"title":"Best Practices for Building & Running a Security Data Lake on Amazon S3","postMeta":[],"author":{"name":"Query","link":"https:\/\/www.query.ai\/resources\/author\/query\/"},"date":"Oct 29, 2025","dateGMT":"2025-10-29 15:01:07","modifiedDate":"2025-10-29 11:01:08","modifiedDateGMT":"2025-10-29 15:01:08","commentCount":"0","commentStatus":"closed","categories":{"coma":"<a href=\"https:\/\/www.query.ai\/resources\/category\/white-papers\/\" rel=\"category tag\">White Papers<\/a>","space":"<a href=\"https:\/\/www.query.ai\/resources\/category\/white-papers\/\" rel=\"category tag\">White Papers<\/a>"},"taxonomies":{"post_tag":""},"readTime":{"min":2,"sec":18},"status":"publish","content":"This white paper explains how to optimize a security data lake on Amazon S3 for performance, cost, and analyst outcomes. It covers core AWS services,"},{"id":4466,"link":"https:\/\/www.query.ai\/wp-content\/uploads\/2025\/10\/QWP-07_Mapping-ALB-Access-Logs-to-OCSF.pdf#new_tab","name":"mapping-amazon-alb-access-logs-to-ocsf","thumbnail":{"url":"https:\/\/www.query.ai\/wp-content\/uploads\/2025\/10\/2025-10-09_ALB-to-OCSF.png","alt":"Mapping ALB to OCSF white paper"},"title":"Mapping Amazon Application Load Balancer Access Logs to the Open Cybersecurity Schema Framework (OCSF)","postMeta":[],"author":{"name":"Query","link":"https:\/\/www.query.ai\/resources\/author\/query\/"},"date":"Oct 9, 2025","dateGMT":"2025-10-09 15:08:34","modifiedDate":"2025-10-09 11:08:36","modifiedDateGMT":"2025-10-09 15:08:36","commentCount":"0","commentStatus":"closed","categories":{"coma":"<a href=\"https:\/\/www.query.ai\/resources\/category\/white-papers\/\" rel=\"category tag\">White Papers<\/a>","space":"<a href=\"https:\/\/www.query.ai\/resources\/category\/white-papers\/\" rel=\"category tag\">White Papers<\/a>"},"taxonomies":{"post_tag":""},"readTime":{"min":0,"sec":59},"status":"publish","content":"This white paper explores how to map Amazon Application Load Balancer (ALB) access logs to the Open Cybersecurity Schema Framework (OCSF) to improve security analytics,"},{"id":4433,"link":"https:\/\/www.query.ai\/wp-content\/uploads\/2025\/10\/QWP-06_Definitive-Guide-to-OCSF-Mapping.pdf#new_tab","name":"ocsf-mapping-guide","thumbnail":{"url":"https:\/\/www.query.ai\/wp-content\/uploads\/2025\/10\/2025-10-01_OCSF-Mapping_WhitePaper_tmb.png","alt":"OCSF Mapping white paper thumbnail"},"title":"Definitive Guide to Open Cybersecurity Schema Framework (OCSF) Mapping","postMeta":[],"author":{"name":"Query","link":"https:\/\/www.query.ai\/resources\/author\/query\/"},"date":"Oct 1, 2025","dateGMT":"2025-10-01 17:55:53","modifiedDate":"2025-10-01 13:55:55","modifiedDateGMT":"2025-10-01 17:55:55","commentCount":"0","commentStatus":"closed","categories":{"coma":"<a href=\"https:\/\/www.query.ai\/resources\/category\/white-papers\/\" rel=\"category tag\">White Papers<\/a>","space":"<a href=\"https:\/\/www.query.ai\/resources\/category\/white-papers\/\" rel=\"category tag\">White Papers<\/a>"},"taxonomies":{"post_tag":""},"readTime":{"min":0,"sec":47},"status":"publish","content":"This whitepaper explains how to map security data into the Open Cybersecurity Schema Framework (OCSF), covering normalization, standardization, attributes, and governance for stronger security outcomes."},{"id":4385,"link":"https:\/\/www.query.ai\/wp-content\/uploads\/2025\/09\/QWP-05_Query-Absolute-Beginners-Guide-to-OCSF.pdf#new_tab","name":"absolute-beginners-guide-to-ocsf","thumbnail":{"url":"https:\/\/www.query.ai\/wp-content\/uploads\/2025\/09\/2025-09-24_OCSF-Beginners-Guide_WP2.png","alt":"beginners guide to ocsf white paper thumbnail"},"title":"Absolute Beginners Guide to OCSF","postMeta":[],"author":{"name":"Aurora Starita","link":"https:\/\/www.query.ai\/resources\/author\/aurora-starita\/"},"date":"Sep 24, 2025","dateGMT":"2025-09-24 14:54:45","modifiedDate":"2025-09-24 15:20:18","modifiedDateGMT":"2025-09-24 19:20:18","commentCount":"0","commentStatus":"closed","categories":{"coma":"<a href=\"https:\/\/www.query.ai\/resources\/category\/white-papers\/\" rel=\"category tag\">White Papers<\/a>","space":"<a href=\"https:\/\/www.query.ai\/resources\/category\/white-papers\/\" rel=\"category tag\">White Papers<\/a>"},"taxonomies":{"post_tag":""},"readTime":{"min":0,"sec":8},"status":"publish","content":"A beginner-friendly white paper introducing the Open Cybersecurity Schema Framework (OCSF). Learn what OCSF is, why normalization matters, common use cases, and best practices for"},{"id":4240,"link":"https:\/\/www.query.ai\/wp-content\/uploads\/2025\/08\/2025-08-14_Best-Practices-for-Security-Data-Pipelines.pdf#new_tab","name":"best-practices-for-security-data-pipelines","thumbnail":{"url":"https:\/\/www.query.ai\/wp-content\/uploads\/2025\/08\/2025-08-14_Security-Data-Pipelines-White-Paper.png","alt":"query security data pipelines white paper"},"title":"Best Practices for Security Data Pipelines","postMeta":[],"author":{"name":"Query","link":"https:\/\/www.query.ai\/resources\/author\/query\/"},"date":"Aug 14, 2025","dateGMT":"2025-08-14 15:13:20","modifiedDate":"2025-08-15 03:51:25","modifiedDateGMT":"2025-08-15 07:51:25","commentCount":"0","commentStatus":"closed","categories":{"coma":"<a href=\"https:\/\/www.query.ai\/resources\/category\/white-papers\/\" rel=\"category tag\">White Papers<\/a>","space":"<a href=\"https:\/\/www.query.ai\/resources\/category\/white-papers\/\" rel=\"category tag\">White Papers<\/a>"},"taxonomies":{"post_tag":""},"readTime":{"min":0,"sec":10},"status":"publish","content":"Strategically move telemetry to cloud object storage in optimized formats. Learn how to design pipelines around downstream consumers, apply compression and partitioning for performance and"},{"id":2063,"link":"https:\/\/www.query.ai\/wp-content\/uploads\/2023\/08\/Query_Measuring-and-Optimizing-Enterprise-Security-Search-Costs.pdf#new_tab","name":"measuring-and-optimizing-enterprise-security-search-costs-2","thumbnail":{"url":"https:\/\/www.query.ai\/wp-content\/uploads\/2023\/08\/QWP-03_security-cost-tmb.png","alt":"measuring and optimizing enterprise security costs white paper thumbnail"},"title":"Measuring and Optimizing Enterprise Security Search Costs","postMeta":[],"author":{"name":"Dhiraj Sharan","link":"https:\/\/www.query.ai\/resources\/author\/dhiraj\/"},"date":"Aug 22, 2023","dateGMT":"2023-08-22 15:42:45","modifiedDate":"2023-08-22 12:46:01","modifiedDateGMT":"2023-08-22 16:46:01","commentCount":"0","commentStatus":"closed","categories":{"coma":"<a href=\"https:\/\/www.query.ai\/resources\/category\/white-papers\/\" rel=\"category tag\">White Papers<\/a>","space":"<a href=\"https:\/\/www.query.ai\/resources\/category\/white-papers\/\" rel=\"category tag\">White Papers<\/a>"},"taxonomies":{"post_tag":""},"readTime":{"min":0,"sec":6},"status":"publish","content":"Learn how to measure and optimize your cybersecurity investigation costs by quantifying your analysts' searches per investigation (ASPI)."},{"id":1615,"link":"https:\/\/www.query.ai\/wp-content\/uploads\/2023\/05\/QWP-002_Evaluating-Federated-Search-for-Security.pdf#new_tab","name":"evaluating-federated-search-for-security","thumbnail":{"url":"https:\/\/www.query.ai\/wp-content\/uploads\/2023\/05\/QWP-002_Evaluating-Open-Federated-Search-for-Security_open.png","alt":"Evaluating Federated Search for Security White Paper"},"title":"Evaluating Federated Search for Security","postMeta":[],"author":{"name":"Query","link":"https:\/\/www.query.ai\/resources\/author\/query\/"},"date":"May 9, 2023","dateGMT":"2023-05-09 14:38:07","modifiedDate":"2023-06-28 09:09:31","modifiedDateGMT":"2023-06-28 13:09:31","commentCount":"0","commentStatus":"closed","categories":{"coma":"<a href=\"https:\/\/www.query.ai\/resources\/category\/white-papers\/\" rel=\"category tag\">White Papers<\/a>","space":"<a href=\"https:\/\/www.query.ai\/resources\/category\/white-papers\/\" rel=\"category tag\">White Papers<\/a>"},"taxonomies":{"post_tag":""},"readTime":{"min":0,"sec":6},"status":"publish","content":"Outlines the evolution of enterprise, distributed, and federated search, and provides a checklist to consider when evaluating federated search for security."}]