Guides
Start typing to search…

Introduction to FSQL

What is FSQL?

Federated Search Query Language (FSQL) is a powerful yet intuitive query language designed specifically for security analysts and threat hunters to search across multiple security data sources through a unified interface. FSQL allows you to retrieve, filter, and analyze security events from diverse platforms without needing to learn different query languages for each system.

Why FSQL?

In today's complex security environments, critical information is often distributed across multiple tools and platforms. FSQL solves the fragmentation problem by providing a consistent way to access and correlate security data, regardless of where it resides.

Key Advantages of FSQL

  • Unified Access: Query across all your security data sources with a single language, eliminating the need to switch between different interfaces and syntax.

  • OCSF-Based Data Model: All data, regardless of source, is represented through the Open Cybersecurity Schema Framework (OCSF), providing a consistent view of security events.

  • Powerful Selection Capabilities: Utilize intuitive attribute selectors with wildcards, expansions, and filters to precisely target the data you need.

  • Observable-Centric Approach: Easily track entities like IPs, domains, and usernames across all your data sources with streamlined observable searches.

  • Flexible Time Range Controls: Specify exact or relative time ranges to focus your investigations on relevant time periods.

  • Comprehensive Filtering: Create sophisticated search conditions with a rich set of operators and the ability to combine filters with logical expressions.

  • Security-Focused Design: Built specifically for security use cases, FSQL understands common security data types and relationships.


Getting Started

This documentation will guide you through FSQL's capabilities, from basic queries to advanced filtering techniques. You'll learn how to effectively search across security data sources, track suspicious activities, and streamline your security investigations with FSQL's powerful yet straightforward syntax.

Whether you're conducting incident response, threat hunting, or routine security monitoring, FSQL provides the tools you need to quickly extract insights from your security data landscape.

Updated 16 days ago