Cyware Query Language (CQL)

Analysts usually deal with huge volumes of threat intelligence data, and finding the relevant data in them can be challenging. For simple searches, Intel Exchange supports simple filters. For advanced searches, Intel Exchange supports Cyware Query Language (CQL), which enables analysts to perform fast, complex searches by writing simple queries.

Cyware Query Language (CQL) is a powerful and flexible way to search for threat data elements in Intel Exchange. It helps you gain significant insights into the data that rests in the Intel Exchange application.

Use CQL to find answers to fundamental questions that help you understand the threat landscape of your organization, such as:

  • Do I have objects that are reported as malicious by more than 3 unique sources?

  • What IOCs have been enriched by VirusTotal or Risk IQ and have been reported as malicious?

  • Which indicators have a TLP of Red and high confidence, are reported by the Mandiant threat intelligence source, are enriched by AlienVault, and have a malicious verdict?

CQL queries can help you gain critical security and operational insights on threats relevant to your organization.
