Commit Graph

3 Commits (1baaa6e3f1232332aac38e20d1ac92b3e370fb2e)

Author SHA1 Message Date
Alexandre Dulaunoy 91e1c8bdcd
chg: [query] add Kusto Query Language (KQL)
Ref: https://twitter.com/castello_johnny/status/1540732973753847808
2022-06-25 19:20:13 +02:00
Alexandre Dulaunoy fd58bdd7b7
chg: [query] add missing SPL language (Splunk) format
Thanks to https://twitter.com/nbareil/status/1540633706959863813 @nbareil
2022-06-25 11:56:15 +02:00
Alexandre Dulaunoy 07b6883c93
new: [query] query object to describe search queries on SIEM and other tools
MISP object template designed following requests and especially this twitter thread:

https://twitter.com/castello_johnny/status/1540610057263628289

I added a list of sane defaults based on the ones I have seen being used:

      "sane_default": [
        "event query language (eql)",
        "keyword query language (kql)",
        "Query DSL",
        "Query (Elastic Search)",
        "Sigma",
        "Lucene query",
        "Google search query",
        "Ariel Query Language (qradar)",
        "Grep",
        "Devo LINQ"
      ],

Thanks to Gianni Castaldi and others for ideas.

The object can be expanded and improved over time and with the need
to share new queries.
2022-06-25 11:37:41 +02:00