Skip to main content

Cyware Threat Intelligence eXchange

Cyware Query Language (CQL)

Analysts usually deal with huge volumes of threat intelligence data and it could be challenging to look through these huge volumes of data to find the relevant data. To make it easier for analysts, CTIX supports simple filters to perform a simple search query. However to perform any advanced search queries, CTIX supports Cyware Query Language (CQL) which enables analysts to perform fast, complex, and advanced searches by writing simple queries.

Cyware Query Language (CQL) is a powerful and flexible way to search for threat data elements in CTIX. It helps you gain significant insights into the data that rests in the CTIX application.

Use CQL to find answers to fundamental questions that help you understand the threat landscape of your organization, such as:

  • Do I have objects that are reported as malicious by more than 3 unique sources?

  • What IOCs have been enriched by VirusTotal or Risk IQ and have been reported as malicious?

  • I want a list of indicators whose TLP is Red, confidence is high, is reported by the Mandiant threat intelligence source, enriched by AlienVault, and the verdict is malicious.

CQL queries can help you gain critical security and operational insights on threats relevant to your organization.

CQLgif.gif