Connectors Overview
Connectors serve as the Integration Control Plane between Query and the many distributed sources that house your security data. Each Connector translates your search terms into an efficient query, then normalizes the responses it receives.
There are two classifications of Connectors in the Query Platform:
- Static Schema Connectors - pre-built integrations into upstream data sources with fixed schemas, such as Endpoint Detection & Response (EDR) tools (e.g. CrowdStrike Falcon) or Identity Providers (e.g. Okta or Azure Entra ID). Static Schema Connectors are purpose-built to cover specific data of interest, and Query has already mapped the schema of the source systems to the Query Data Model. You cannot modify or edit the schema mapping of Static Schema Connectors.
- Dynamic Schema Connectors - pre-built integrations into upstream data sources with custom schemas, such as Data Lakes and Data Warehouses (e.g. Amazon S3 or Security Lake, Google BigQuery, or Snowflake) or SIEM and Log Management platforms (e.g. CrowdStrike Falcon NextGen SIEM, Google SecOps, or Splunk). Dynamic Schema Connectors provide an interface and translation layer into these platforms. Customers must map their data into the Query Data Model to surface the specific Entities, Events and Objects they want to search. This is done using the Configure Schema feature.