EQL is a language to express relationships between events and has the power to normalize your data regardless of data source and not constrained by platform.

The basics of DNS tunneling, some challenges with detection, and some recommendations for detecting these attacks while limiting false positives.