[DOCS] Reword EQL intro

James Rodewig 2020-10-14 10:02:22 -04:00
parent ac2b668016
commit 5fc25442c4
1 changed files with 4 additions and 3 deletions

@ -20,10 +20,11 @@ Many query languages allow you to match only single events. EQL lets you match a
sequence of events across different event categories and time spans.
* *EQL has a low learning curve.* +
<<eql-syntax,EQL syntax>> looks like other query languages. It lets you write
and read queries intuitively, which makes for quick, iterative searching.
<<eql-syntax,EQL syntax>> looks like other common query languages, such as SQL.
It lets you write and read queries intuitively, which makes for quick, iterative
searching.
* *We designed EQL for security use cases.* +
* *EQL is designed for security use cases.* +
While you can use EQL for any event-based data, we created EQL for threat
hunting. EQL not only supports indicator of compromise (IOC) searching but
makes it easy to describe activity that goes beyond IOCs.
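Review bot: The security use cases bullet now mixes voices: its heading changes from "We designed EQL" to "EQL is designed", but the unchanged sentence directly under it still says "we created EQL for threat hunting". Either reword that sentence to match (for example "EQL was created for threat hunting") or keep the first person in both places, so the item reads consistently. The same check is worth making for the rest of the list, since this hunk shows only two of the bullets.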