EQL Analytics Library Logo

EQL Analytics Library

A library of event-based analytics written in EQL to detect adversary behaviors identified in MITRE ATT&CK, providing detection rules for the Elastic Stack.

165
Security Operations
Free
Visit website
Claim and verify your listing
0

EQL Analytics Library Description

The EQL Analytics Library (eqllib) is a collection of event-based analytics written in Event Query Language (EQL) designed to detect adversary behaviors identified in the MITRE ATT&CK framework. The library provides detection rules in multiple query languages including EQL, KQL (Kibana Query Language), and Lucene, making it compatible with the Elastic Stack ecosystem. These analytics are specifically crafted to identify tactics, techniques, and procedures (TTPs) used by threat actors as documented in the MITRE ATT&CK knowledge base. The library has been integrated into the Detection Engine of Kibana, allowing security teams to leverage pre-built detection rules for threat hunting and security monitoring activities. The rules focus on event-based detection, analyzing security events and logs to identify suspicious patterns and behaviors that may indicate adversary activity within an environment.

EQL Analytics Library FAQ

Common questions about EQL Analytics Library including features, pricing, alternatives, and user reviews.

EQL Analytics Library is A library of event-based analytics written in EQL to detect adversary behaviors identified in MITRE ATT&CK, providing detection rules for the Elastic Stack.. It is a Security Operations solution designed to help security teams with Threat Hunting, Elasticsearch, Threat Detection.

Have more questions? Browse our categories or search for specific tools.

FEATURED

Hudson Rock Cybercrime Intelligence Tools Logo
Hudson Rock Cybercrime Intelligence Tools

Cybercrime intelligence tools for searching compromised credentials from infostealers

Proton Pass Logo
Proton Pass

Password manager with end-to-end encryption and identity protection features

Mandos Fractional CISO Logo
Mandos Fractional CISO

Fractional CISO services for B2B companies to build security programs

Stay Updated with Mandos Brief

Get the latest cybersecurity updates in your inbox

TRENDING CATEGORIES

Digital Forensics and Incident Response
Digital Forensics and Incident Response (DFIR) tools for digital forensic analysis, evidence collection, malware analysis, and cyber incident investigation.
511
Offensive Security
Offensive security tools for penetration testing, red team exercises, exploit development, and ethical hacking activities.
457
Threat Intelligence Platforms
TIP for collecting, analyzing, and sharing cyber threat data, indicators of compromise (IOCs), and threat feeds.
280
Honeypots & Deception
Honeypots and cyber deception solution that simulate vulnerable systems to detect, divert, and analyze attacker activities in real time.
192
Security Information and Event Management
SIEM platforms for centralized security log management, correlation, alerting, and compliance reporting.
148
View All Categories →

POPULAR

RoboShadow Logo
RoboShadow

Automated vulnerability assessment and remediation platform

13
Cybersec Feeds Logo
Cybersec Feeds

A threat intelligence aggregation service that consolidates and summarizes security updates from multiple sources to provide comprehensive cybersecurity situational awareness.

7
TestSavant AI Security Assurance Platform Logo
TestSavant AI Security Assurance Platform

AI security assurance platform for red-teaming, guardrails & compliance

5
OSINTLeak Real-time OSINT Leak Intelligence Logo
OSINTLeak Real-time OSINT Leak Intelligence

Real-time OSINT monitoring for leaked credentials, data, and infrastructure

5
Mandos Brief Logo
Mandos Brief

Weekly cybersecurity newsletter covering security incidents, AI, and leadership

5
View Popular Tools →