
A Guide to Netography Query Language (NQL) 

By William Toll, Sr. Director, Product Marketing

Netography Fusion’s Netography Query Language (NQL) lets security professionals search enriched network traffic flow records and create, save, and reuse custom searches to rapidly analyze, investigate, and respond to suspicious traffic or incidents. For example, users can isolate and analyze specific traffic, geographic activity, bad-actor configurations, and more. It is the industry’s most granular and flexible flow record search capability, and when combined with custom search flows and alerts, saved searches can be applied to new or pre-built dashboards. NQL is the basis for many tasks within the product, such as searching for flows, alerts, or interfaces; filtering statistics and aggregations; and defining custom algorithms to alert on.

What are some sample use cases for NQL?

For Security Analysts:

Security analysts research and maintain awareness of the overall cyber threat landscape (advanced persistent threat groups, malware campaigns, botnets, hacktivism, DDoS attacks, geopolitical activity, etc.) and identify critical business needs or intelligence collection priorities. For them, NQL queries are a powerful research platform.

For Threat Hunters:

Threat hunters can harness vast amounts of flow data and apply creative investigative techniques to identify and analyze network flow data for adversary tactics, techniques, and procedures (TTPs). From that analysis, they can develop and implement new security controls and detections covering a range of attack vectors.

Sample NQL queries from the guide

We’ve created a downloadable guide, “The Top 14 NQL Queries”. The guide provides details on how NQL queries are structured and the language and rules used in them. Netography customers also have access to training videos and detailed tutorials.

Here is a sample NQL query from the guide that enables analysts to discover compromised devices with outbound traffic to T1 CoC. NOTE: NQL supports both real-time searching and look-back searching. The interface is simple and features helpful auto-completion and syntax error explanations.

Example NQL query from the Top 14 Netography Query Language Guide: search for and alert on geo-activity (image not reproduced here).

Here is another sample NQL query from the guide that enables network security professionals or network administrators to find configuration drift between deployments.

Example NQL query from the Top 14 Netography Query Language Guide: configuration validation or misconfiguration (image not reproduced here).

Getting started with your own NQL queries is easy.

Netography Fusion screenshot: Network Flow Search with the NQL syntax dropdown (image not reproduced here).

We think you’ll see just how flexible and powerful NQL can be, so download your copy of the guide today. Want more information about Netography Fusion and NQL? Contact us for a quick demo.