https://github.com/endgameinc/eqllib
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/endgameinc/eqllib
- Owner: endgameinc
- License: mit
- Created: 2018-11-29T20:29:06.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2021-01-20T18:07:11.000Z (over 4 years ago)
- Last Synced: 2024-10-28T20:39:37.552Z (6 months ago)
- Language: Python
- Size: 6.35 MB
- Stars: 158
- Watchers: 20
- Forks: 47
- Open Issues: 7
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
README
# EQL Analytics Library
- [Documentation](https://eqllib.readthedocs.io/en/latest/?badge=latest)
- [Gitter community](https://gitter.im/eventquerylang/community?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge)
- [Twitter](https://twitter.com/eventquerylang)
- [Project site](https://eqllib.readthedocs.io)
### Now in [detection-rules](https://github.com/elastic/detection-rules)!
Endgame has [joined forces](https://www.elastic.co/blog/endgame-joins-forces-with-elastic) with Elastic, and EQL is now in the [Detection Engine](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-eql-rule) of Kibana! To find the latest rules written in EQL, KQL or Lucene for the Elastic Stack, please visit [elastic/detection-rules](https://github.com/elastic/detection-rules) on GitHub.
# Getting Started
The Event Query Language Analytics Library (eqllib) is a library of event-based analytics, written in EQL, for detecting adversary behaviors identified in MITRE ATT&CK™.
- [Get started](https://eqllib.readthedocs.io/en/latest/guides/index.html) with EQL on your own computer.
- Explore the [analytics](https://eqllib.readthedocs.io/en/latest/analytics.html) that map to ATT&CK.
- Learn how to [write queries](https://eql.readthedocs.io/en/latest/query-guide) in EQL syntax.
- Browse our [schemas](https://eqllib.readthedocs.io/en/latest/schemas.html) and existing normalizations.