Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/endgameinc/eqllib


https://github.com/endgameinc/eqllib

Last synced: 19 days ago
JSON representation

Awesome Lists containing this project

README 

        
# EQL Analytics Library

[![Library Link](https://readthedocs.org/projects/eqllib/badge/?version=latest)](https://eqllib.readthedocs.io/en/latest/?badge=latest)

[![Gitter](https://badges.gitter.im/eventquerylang/community.svg)](https://gitter.im/eventquerylang/community?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge)

[![Twitter Follow](https://img.shields.io/twitter/follow/eventquerylang.svg?style=social)](https://twitter.com/eventquerylang)



[![alt text](docs/_static/eql-whoami.jpg "What is EQL")](https://eqllib.readthedocs.io)



### Now in [detection-rules](https://github.com/elastic/detection-rules)!

   Endgame has [joined forces](https://www.elastic.co/blog/endgame-joins-forces-with-elastic) with Elastic, and EQL is now in the [Detection Engine](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-eql-rule) of Kibana! To find the latest rules written in EQL, KQL or Lucene for the Elastic Stack, please visit [elastic/detection-rules](https://github.com/elastic/detection-rules) on GitHub.



# Getting Started



The Event Query Language Analytics Library (eqllib) is a library of event based analytics, written in EQL to detect adversary behaviors identified in MITRE ATT&CK™.



- [Get started](https://eqllib.readthedocs.io/en/latest/guides/index.html) with EQL on your own computer 

- Explore the [analytics](https://eqllib.readthedocs.io/en/latest/analytics.html) that map to ATT&CK. 

- Learn how to [write queries](https://eql.readthedocs.io/en/latest/query-guide) in EQL syntax 

- Browse our [schemas](https://eqllib.readthedocs.io/en/latest/schemas.html) and existing normalizations