Share Blog Post
Threat intelligence data can be massive, however, security analysts must have access to contextualized information without sifting through heaps of data. In the CTIX v3.1 release, we have introduced Cyware Query Language (CQL), a powerful and flexible way to help analysts search and access threat intelligence and different aspects related to it.
What is Cyware Query Language (CQL)?
Cyware Query Language (CQL) is a powerful and flexible way to search for threat data in CTIX. CQL allows analysts to build powerful queries with sophisticated logic, append multiple conditions, drill deeper into the voluminous intel, and retrieve specific threat data. The CQL helps you gain significant operational insights into your data and make informed decisions.
How does CQL Benefit the Analysts?
- Find intelligence at your fingertips: Using CQL, security analysts can find answers to specific threat data that can help them better comprehend the threat landscape of their organization. For example, an analyst has a complex requirement of querying and obtaining results for a list of malicious IOCs whose confidence score is greater than 75, whose TLP is RED and is enriched from sources such as VirusTotal and Risk IQ. Information on such queries helps security analysts draw critical operational insights into threats relevant to their organization, thereby making informed decisions.
- Don’t reinvent the wheel every time: Once analysts build a CQL query to fetch required information, they can save those queries for futuristic quick references and save time. These saved CQL queries in CTIX can be reused anytime without needing to build them all over again. Moreover, the saved search can be used to create and share reports with stakeholders, helping them make better decisions.
- Advanced search made easy: Analysts can use CQL to search for information in the revamped Threat Data module, schedule specific reports in the revamped Reporting module, and include specific threat data and intelligence in their Threat Bulletins. Additionally, Threat Data and Threat Investigations modules come with a simple search feature with advanced filters that analysts can use to look up information.
Build Powerful Queries with CQL
Security analysts can use CQL to build powerful queries with sophisticated logic and multiple conditions. This helps security analysts gain in-depth insights into the voluminous threat intelligence and retrieve specific threat data. CQL supports quick complex search, bulk actions, instant sharing of reports, thereby increasing analyst efficiency.
Start Accessing the Threat Data You Need
The capability of searching threat intelligence data using CQL in CTIX v3.1 puts analysts a step ahead in gaining access to the right information with relevant context without having them to manually sort through massive data. This latest version helps analysts obtain significant operational insights into their data and make informed decisions.
In a world where cyber threats could bring organizations to their knees, advanced threat intelligence investigating capabilities like CQL play a significant role in enabling security teams to operationalize threat intelligence for proactive threat analysis and mitigation.
Tags
Posted on: May 18, 2022
Related Guides
More from Cyware
Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.
The Virtual Cyber Fusion Suite
