EQL Analytics Library

Now in detection-rules!

Endgame has joined forces with Elastic, and EQL is now in the Detection Engine of Kibana! To find the latest rules written in EQL, KQL or Lucene for the Elastic Stack, please visit elastic/detection-rules on GitHub.

Getting Started

The Event Query Language Analytics Library (eqllib) is a library of event based analytics, written in EQL to detect adversary behaviors identified in MITRE ATT&CK™.

Get started with EQL on your own computer
Explore the analytics that map to ATT&CK.
Learn how to write queries in EQL syntax
Browse our schemas and existing normalizations

Name		Name	Last commit message	Last commit date
Latest commit History 62 Commits
.github		.github
data		data
docs		docs
eqllib		eqllib
tests		tests
utils		utils
.gitignore		.gitignore
CONTRIBUTING.md		CONTRIBUTING.md
LICENSE		LICENSE
MANIFEST.in		MANIFEST.in
Makefile		Makefile
README.md		README.md
requirements_rtd.txt		requirements_rtd.txt
setup.cfg		setup.cfg
setup.py		setup.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

EQL Analytics Library

Now in detection-rules!

Getting Started

About

Releases

Packages

Contributors 4

Languages

License

endgameinc/eqllib

Folders and files

Latest commit

History

Repository files navigation

EQL Analytics Library

Now in detection-rules!

Getting Started

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Contributors 4

Languages

Packages