Articles by Ross Wolf

Elastic Security has opened its detection rules repository to the world. We will develop rules in the open alongside the community, and we’re welcoming your community-driven detections. This is an opportunity to share collective security knowledge...

We’re excited to announce the new release of more EQL analytics and tooling, including an interactive shell, to make EQL even more usable and powerful.

We created the Event Query Language (EQL) for hunting and real-time detection, with a simple syntax that helps practitioners express complex queries.

EQL is a language for expressing relationships between events, and it can normalize your data regardless of data source, without being constrained by platform.
EQL for the masses

Event Query Language is an extensible, powerful language built in-house at Endgame to express relationships between security-relevant events.