Flex Your Threat Response Queries with Cyware Query Language (CQL)
CFTR • Sep 27, 2022
When it comes to managing a large number of threat data, security analysts have a lot on their plate. It is a cumbersome task to find relevant data just by using the standard search and filter options. In the latest release of our fusion and threat response platform, CFTR v3.1, we have introduced Cyware Query Language (CQL) that allows security analysts to write simple queries to fetch appropriate data and save lots of time and effort. It is important to note that the CQL support already exists in Cyware’s threat intelligence platform, CTIX, and now has been extended to CFTR.
Why Cyware Query Language (CQL)?
Using CQL, security analysts can now build powerful and structured queries with sophisticated logic to retrieve relevant data from module listing pages. Let’s learn about the other capabilities that CQL offers in CFTR v3.1.
-
Flexible querying: Akin to other structured query languages, CQL provides a syntax for security analysts to request queries textually but with more flexible and extensive querying capabilities such as searching for keywords or keyword exceptions. Also, CQL helps in exporting and reporting in a more flexible way by providing the relevant data
-
Advanced filtering: CFTR is equipped with a wide range of advanced filters that can be used to narrow down any given query. Within a few clicks, security analysts can seek answers to their queries with the help of the in-built filters. CQL is capable of fetching greater than, less than, and equal numeric values and dates.
-
Use of multiple conditions: Security analysts can add multiple conditions together to create queries, filtering out the noise or exploring data more deeply. That’s where CQL provides assistance.
Making a Security Analyst’s Life Easier
CQL helps solve the different challenges that security analysts face in their day-to-day data filtering operations and helps reduce their workload in different ways.
-
Reuse CQL Queries: Once analysts build a CQL query to fetch information, they can save those queries for future references and reuse them later without building them again. Furthermore, the saved search can be used to create and share reports with key stakeholders, helping them make better decisions.
-
Reduced Response Time: CQL comes with advanced filtering options that allow security analysts to accelerate their investigations and reduce the mean time to respond (MTTR) to threats. For example, security teams can quickly retrieve the high-priority IP Spoofing incidents that are in the open state.
Get Your Queries Answered Now!
Cyware amplifies security teams’ potential and increases their efficiency and productivity by giving them the flexibility to search data better with CQL. With CQL, Cyware empowers security teams with powerful search and the flexibility to query across their automated threat response platform (CFTR), enabling them to conduct quick responses.
Book a free demo to learn how you can get your queries answered via CQL.
