EQL
- Event Query Language (EQL) is a query language for searching Windows event logs.
- Used by Elasticsearch, and highly effective when paired with Sysmon logs that have been converted to JSON (Link to CCNA Definitions)
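An added example, not taken from the note or the cited sources, of the kind of EQL query run against Sysmon events ingested into Elasticsearch. The field names (event.code, event.category, process.*, destination.port) assume Elastic's ECS mapping of Sysmon and are an assumption here, not something the note states.

```eql
// Sysmon event ID 1 (process creation) followed within one minute by
// Sysmon event ID 3 (network connection) from the same process.
// Correlating the two events is what EQL adds over a single log filter.
sequence by process.entity_id with maxspan=1m
  [process where event.code == "1" and process.name == "powershell.exe"]
  [network where event.code == "3" and destination.port == 443]
```

The `sequence by` clause joins the two events on the process identifier, so the query only matches when both stages come from the same PowerShell instance.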
Metadata
Sources
EQL Threat Hunting | SANS Institute
EQL search | Elasticsearch Guide 8.13 | Elastic
Event Query Language — eql 0.9.18 documentation