Articles by Anjum Ahuja

EQL is a language for expressing relationships between events. It can normalize your data regardless of data source and is not constrained by platform.

The basics of DNS tunneling, some challenges with detection, and some recommendations for detecting these attacks while limiting false positives.

We’ll be looking at collected data to find patterns and signals of maliciousness that, with a relatively low false positive rate, provide the hunter with starti..