In today’s fast-moving security landscape, efficient data analysis is everything. Security teams need to query, transform, and enrich data seamlessly to detect threats faster and improve investigations. That’s where ES|QL comes in.
This interactive workshop is designed to help you unlock the full potential of ES|QL, empowering you to construct powerful queries, extract meaningful insights, and optimize security analytics. Whether you’re a SOC analyst, threat hunter, or security engineer, this workshop will give you the practical skills to elevate your security investigations with ES|QL.
• Demystify ES|QL: Learn the foundational concepts and syntax to build effective queries.
• Master Processing Commands: Understand how to manipulate, calculate, and transform data to extract meaningful insights.
• Leverage Advanced Functions: Utilize string, date-time, IP, conditional, and type conversion functions to enhance query efficiency.
• Enrich Security Analytics: Learn how to refine and enrich data for deeper security analysis and improved decision-making.
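The topics in the list above map onto a single ES|QL pipeline. The query below is an added illustration written for this page, not material from the workshop or from Elastic; it assumes ECS-mapped network events in indices matching `logs-*` and a hypothetical enrich policy named `threat_intel_ips` that maps an IP to a `threat.indicator.description` field. It finds outbound connections to non-private addresses, classifies them, buckets them by hour, enriches them against the (assumed) threat list, and keeps only the busiest destinations.

```esql
FROM logs-*
// Processing command: WHERE narrows the window and the event type up front
| WHERE @timestamp > NOW() - 24 hours
    AND event.category == "network"
    AND destination.ip IS NOT NULL
// Type conversion + IP function: ECS already maps destination.ip as type ip,
// TO_IP is shown here for a copy that may arrive as a keyword string
| EVAL dst = TO_IP(destination.ip)
| WHERE NOT CIDR_MATCH(dst, "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
// Conditional function: CASE classifies the destination port
| EVAL port_class = CASE(
    destination.port IN (80, 443), "web",
    destination.port == 22, "ssh",
    destination.port > 1024, "high",
    "other")
// String + conversion functions: build a readable ip:port label
| EVAL flow = CONCAT(TO_STRING(dst), ":", TO_STRING(destination.port))
// Date-time function: bucket events into one-hour windows
| EVAL hour = DATE_TRUNC(1 hour, @timestamp)
// Enrichment: threat_intel_ips is a hypothetical enrich policy assumed for this example
| ENRICH threat_intel_ips ON dst WITH threat.indicator.description
// Aggregation: count events and distinct hosts per bucket
| STATS hits = COUNT(*), hosts = COUNT_DISTINCT(host.name)
    BY hour, flow, port_class, threat.indicator.description
| WHERE hits > 100
| SORT hits DESC
| LIMIT 20
```

Each `|` stage consumes the rows produced by the previous one, so the cheap filters come first and the aggregation runs over the smallest possible set. Rows whose destination is absent from the enrich index still come through, with `threat.indicator.description` set to null, which is why the final `STATS` groups on it rather than filtering on it.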
Prerequisites
• Understanding of security operations and SIEM tools including Elastic Security
• Understanding of Elastic Common Schema (ECS)
• Understanding of existing Elastic query languages, such as KQL and EQL
Elasticsearch is a trademark of Elasticsearch B.V., registered in the U.S. and in other countries. Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS, and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries