Query Comms: Mar 24 - Mar 28
Enabling Better Security Decisions: What’s New in Query Federated Search
Security investigations aren’t linear. They are a series of questions, answers, pivots, and decisions.
That’s why we’ve focused on enhancing what happens after the query in the latest release of Query Federated Search.
IDEA: What if you could spend less time finding and preparing the data and more time analyzing it and responding?
CrowdStrike and Query Federated Search: Better Together
CrowdStrike is far more than an EDR platform. With tools like Spotlight, Identity Protection, and LogScale, the Falcon platform delivers massive coverage, but also a lot of data! How do you search across all that data without duplicating it?
🔍 Enter Query Federated Search.
Query connects directly to Falcon APIs, LogScale, and Falcon Data Replicator (FDR), letting you:
✅ Search across all CrowdStrike data without duplicating it
✅ Normalize detections, incidents, and alerts into one data model: OCSF (the Open Cybersecurity Schema Framework)
✅ Correlate CrowdStrike data with Microsoft Intune, Entra ID, Jamf, Cribl, and more
✅ Support Zero Trust Assessment and Identity Protection use cases
✅ Enable smoother migrations from incumbent EDRs like Carbon Black or Microsoft Defender for Endpoint (MDE)
✅ Enhance decision support in complex or decentralized environments
It’s not a SIEM replacement—it’s a force multiplier.
👀 Learn how SOC teams are using Federated Search to simplify investigations, eliminate data silos, and get full-fidelity answers faster.
Delta Lake for Security Teams: Scalable Log Management & Analysis
Security teams are drowning in data. Firewalls, EDRs, IDS, and cloud logs generate terabytes of telemetry daily while traditional SIEMs and log management tools struggle with cost, scale, and performance.
Enter Delta Lake, an open table format that avoids vendor lock-in while providing ACID transactions, schema enforcement, and fast analytics for security operations. With Delta, SecOps and SecDataOps teams can:
✅ Ingest high-velocity security logs at scale
✅ Query historical + real-time data with DuckDB, Athena, & PySpark
✅ Run detections faster without waiting on SIEM indexing
✅ Reduce costs by decoupling compute from storage
✅ Keep full-fidelity logs without breaking the budget
Why does this matter?
🔹 Faster threat detection with structured, scalable log storage
🔹 More flexibility for detection engineering & security investigations
🔹 Open-source, cost-effective, and not locked in to a single vendor
We break it all down in our latest blog, including how to set up Delta Lake for security data, generate synthetic logs, and run real-world security queries with DuckDB.
#SecDataOpsCast — SecDataOps Workshop Part 2: Something About the Analysis Phase
In this episode of SecDataOpsCast, Neal Bridges and Jonathan Rau take a deep dive into the evolving world of security data operations.
Hear recent experiences from hands-on consulting engagements, detailing how organizations handle (or sometimes mishandle) security data — from gathering logs to building effective data flow diagrams.
Jon and Neal deliver tried and tested strategies, techniques, and contrasting methods they use to navigate complex security architectures. They also explore current industry shifts, such as Google’s latest developments in cloud security and acquisition strategies. Hear clear context on how these trends affect day-to-day operations.