{"id":13453724,"url":"https://github.com/endgameinc/eql","last_synced_at":"2026-01-19T12:36:40.023Z","repository":{"id":39793827,"uuid":"159723419","full_name":"endgameinc/eql","owner":"endgameinc","description":null,"archived":false,"fork":false,"pushed_at":"2025-11-14T19:13:00.000Z","size":1126,"stargazers_count":224,"open_issues_count":6,"forks_count":45,"subscribers_count":18,"default_branch":"master","last_synced_at":"2025-11-14T20:21:24.188Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/endgameinc.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2018-11-29T20:28:14.000Z","updated_at":"2025-10-29T07:54:01.000Z","dependencies_parsed_at":"2024-01-25T05:49:50.210Z","dependency_job_id":null,"html_url":"https://github.com/endgameinc/eql","commit_stats":null,"previous_names":[],"tags_count":23,"template":false,"template_full_name":null,"purl":"pkg:github/endgameinc/eql","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/endgameinc%2Feql","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/endgameinc%2Feql/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/endgameinc%2Feql/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/endgameinc%2Feql/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/endgameinc","download_url":"https://codeload.github.com/endgameinc/eql/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts
/GitHub/repositories/endgameinc%2Feql/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28567938,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-19T08:53:44.001Z","status":"ssl_error","status_checked_at":"2026-01-19T08:52:40.245Z","response_time":67,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-31T08:00:46.044Z","updated_at":"2026-01-19T12:36:40.017Z","avatar_url":"https://github.com/endgameinc.png","language":"Python","readme":"# Event Query Language\n[![PyPI](https://img.shields.io/pypi/v/eql.svg)](https://pypi.python.org/pypi/eql)\n[![Build](https://github.com/endgameinc/eql/actions/workflows/pythonpackage.yml/badge.svg)](https://github.com/endgameinc/eql/actions/workflows/pythonpackage.yml)\n[![Documentation](https://readthedocs.org/projects/eql/badge/?version=latest)](https://eql.readthedocs.io/en/latest/?badge=latest)\n[![License: AGPL v3](https://img.shields.io/badge/License-AGPL%20v3-blue.svg)](https://www.gnu.org/licenses/agpl-3.0)\n\n![What is EQL?](docs/_static/eql-whoami.jpg)\nBrowse a [library of EQL analytics](https://eqllib.readthedocs.io)\n\n## Now in Elasticsearch!\n\nSince Endgame [joined forces with Elastic](https://www.elastic.co/blog/endgame-joins-forces-with-elastic), EQL is now natively integrated in Elasticsearch! 
See the Elasticsearch [EQL documentation](https://www.elastic.co/guide/en/elasticsearch/reference/current/eql.html) for more information. Also, please note that we have made a few changes to EQL in Elasticsearch to accommodate non-security users. Those are best summarized [here](https://www.elastic.co/guide/en/elasticsearch/reference/current/eql-syntax.html#eql-unsupported-syntax).\n\n# Getting Started\n\nThe EQL module requires Python 3.8 or higher. Assuming a supported Python version is installed, run the command:\n\n```console\n$ pip install eql\n```\n\nIf Python is configured and already in the PATH, then ``eql`` will be readily available, and can be checked by running the command:\n\n```console\n$ eql --version\neql 0.9.20\n```\n\nFrom there, try a [sample json file](docs/_static/example.json) and test it with EQL.\n\n```console\n$ eql query -f example.json \"process where process_name == 'explorer.exe'\"\n{\"command_line\": \"C:\\\\Windows\\\\Explorer.EXE\", \"event_type\": \"process\", \"md5\": \"ac4c51eb24aa95b77f705ab159189e24\", \"pid\": 2460, \"ppid\": 3052, \"process_name\": \"explorer.exe\", \"process_path\": \"C:\\\\Windows\\\\explorer.exe\", \"subtype\": \"create\", \"timestamp\": 131485997150000000, \"user\": \"research\\\\researcher\", \"user_domain\": \"research\", \"user_name\": \"researcher\"}\n```\n\n# Next Steps\n- Browse a [library of EQL analytics](https://eqllib.readthedocs.io)\n- Check out the [query guide](https://eql.readthedocs.io/en/latest/query-guide/index.html) for a crash course on writing EQL queries\n- View usage for interactive [shell](https://eql.readthedocs.io/en/latest/cli.html)\n- Explore the [API](https://eql.readthedocs.io/en/latest/api/index.html) for advanced usage or incorporating EQL into other projects\n","funding_links":[],"categories":["Threat Detection and 
Hunting"],"sub_categories":["Tools"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fendgameinc%2Feql","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fendgameinc%2Feql","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fendgameinc%2Feql/lists"}