Browse a library of EQL analytics now natively integrated in Elasticsearch since Endgame joined forces with Elastic. EQL in Elasticsearch accommodates non-security users with changes summarized in the Elasticsearch EQL documentation. Get started by installing the EQL module with Python 2.7 and 3.5+, then try a sample json file and test it with EQL commands.
FEATURES
SIMILAR TOOLS
AlienVault OSSIM provides an all-in-one security management solution with asset discovery, vulnerability assessment, and SIEM capabilities.
Windows Event Log Analyzer with logon timeline generator and noise reduction for fast forensics.
Elastic is a search-powered AI company that enables users to find answers from all data in real-time at scale.
Procmon for Linux is a reimagining of the classic Procmon tool from Windows, allowing Linux developers to trace syscall activity efficiently.
A tool that collects and displays user activity and system events on a Windows system.
SysmonSearch makes event log analysis more effective by aggregating Microsoft Sysmon logs and providing detailed analysis through Elasticsearch and Kibana.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.