See https://eqllib.readthedocs.io for documentation
The Event Query Language Analytics Library (eqllib) is a library of event based analytics, written in EQL to detect adversary behaviors identified in MITRE ATT&CK™.
- Get started with EQL on your own computer
- Explore the analytics that map to ATT&CK.
- Learn how to write queries in EQL syntax
- Browse our schemas and existing normalizations