EQL Analytics Library

Getting Started

The Event Query Language Analytics Library (eqllib) is a library of event based analytics, written in EQL to detect adversary behaviors identified in MITRE ATT&CK™.

Get started with EQL on your own computer
Explore the analytics that map to ATT&CK.
Learn how to write queries in EQL syntax
Browse our schemas and existing normalizations

scudette/eqllib

EQL Analytics Library

Getting Started