Event Query Language (EQL)

Free

Browse a library of EQL analytics; EQL is now natively integrated in Elasticsearch since Endgame joined forces with Elastic. EQL in Elasticsearch also accommodates non-security users, with the changes summarized in the Elasticsearch EQL documentation. To get started, install the EQL module (Python 2.7 and 3.5+ are supported), load a sample JSON event file, and run EQL queries against it with the EQL commands.

FEATURES

ALTERNATIVES

ELAT (Event Log Analysis Tool) is a tool that helps in analyzing Windows event logs for malware detection.

Free

A dynamic GUI for advanced log analysis, allowing users to execute SQL queries on structured log data.

Free

IBM QRadar is a SIEM solution for real-time threat detection.

Free

A toolset for collecting and processing NetFlow/IPFIX and sFlow data from NetFlow- and sFlow-compatible devices.

Free

Open source security data lake for AWS with real-time log normalization and Detection-as-Code capabilities.

Free

A tool collection for filtering and visualizing logon events, designed for experienced DFIR specialists in threat hunting and incident response.

Free

Investigate malicious logons by visualizing and analyzing Windows Active Directory event logs with LogonTracer.

Free

A community-led project focused on standardizing security event logs.

Free