CQL 201: Designing and Optimizing CQL Queries is a one-day course that empowers cybersecurity professionals to understand the structure and syntax of the CrowdStrike Query Language (CQL), build specific and efficient CQL queries, and leverage saved searches in their investigations. Through hands-on labs and practical exercises, participants will learn proper query structure, construct efficient queries, optimize query performance, and leverage the power of CQL to produce meaningful and accurate results for security investigations across the CrowdStrike Falcon® platform and CrowdStrike Falcon Next-Gen SIEM. The course emphasizes real-world application of advanced CQL techniques, including aggregation, joins, parameterized queries, and data visualization, for efficient, targeted, and well-optimized queries.
Course Highlights:
- Query construction and optimization techniques for complex security investigations
- Implementation of parameterized queries and utilization of pre-built query libraries
- Performance and query-efficiency optimization for faster, more accurate investigations
- Source-agnostic data analysis across the Falcon platform ecosystem