EQL Analytics Library


Resources

Blogs

  • EQL Threat Hunting
  • Ransomware, interrupted: Sodinokibi and the supply chain
  • Detecting Adversary Tradecraft with Image Load Event Logging and EQL
  • EQL’s Highway to Shell
  • Getting Started with EQL
  • EQL For the Masses
  • Introducing EQL

Presentations

  • BSides DFW 2019: ATT&CKing Koadic with EQL (slides)
  • BlackHat 2019: Fantastic Red-Team Attacks and How to Find Them (slides, blog)
  • BSides SATX 2019: The Hunter Games: How to Find the Adversary with EQL (slides)
  • Circle City Con 2019: The Hunter Games: How to Find the Adversary with EQL (slides)
  • Atomic Friday: Endgame on EQL (slides, notebook)
  • MITRE ATT&CKcon: From Technique to Detection

Additional Resources

  • Atomic Red Team
  • Microsoft Sysmon
  • MITRE ATT&CK™
  • Event Query Language (docs, code, Twitter)
  • EQL Analytics Library (docs, code)

© Copyright 2019, Endgame Revision 30243396.
