Overview
In ThreatConnect®, you can build structured queries with a SQL-like query language called ThreatConnect Query Language (TQL) to perform highly targeted searches of your data. A TQL query includes a parameter name, an operator, and a value or list of values, and you can combine multiple queries with parentheses and AND/OR logic.
Use cases for TQL in ThreatConnect include the following:
- Searching and filtering threat intelligence data with the advanced search feature on the Browse screen
- Visualizing data with Query cards in custom dashboards
- Creating associations between a Group and objects returned via a TQL query
- Configuring query-based Chart and Table sections in reports and report templates
- Selecting specific Groups to add as analysis layers to standard ATT&CK® views in the ATT&CK Visualizer
- Filtering data in responses returned from requests to the ThreatConnect v3 API
In This Series
- Running Advanced Searches With TQL: Learn how to run TQL queries on the Browse screen with the advanced search feature, save TQL queries, and manage saved TQL queries.
- Constructing Query Expressions: Learn how to construct TQL queries and view examples of TQL queries you can use in ThreatConnect.
- TQL Operators and Parameters: View all TQL operators and parameters currently available in ThreatConnect.
- TQL Generator: Learn about the TQL Generator, including how to generate TQL queries based on a prompt written in plain English and share feedback to help ThreatConnect improve the feature.
ThreatConnect® is a registered trademark of ThreatConnect, Inc.
MITRE ATT&CK® and ATT&CK® are registered trademarks of The MITRE Corporation.
20052-01 v.19.A