CQL 1
CQL 2
CQL 3
General Knowledge
100

True or False

When searching for files, can you search for files with double extensions?

True

100

What event query would you use to find connections from an IP?

SourceAddressIP4

100

What operator or string is used to filter out information?

!=, or "not equal to"

100

What does the acronym CQL stand for?

CrowdStrike Query Language

200

True or False

It is best practice to filter down to relevant data before building a query.

True

200

What event query would you use to find connections to an IP?

RemoteAddressIP4

200

What are the ways to query for multiple strings at once? (This does not include the OR function.)

a "space" or "and"

200

What is the purpose of a filter statement?

A filter narrows the dataset to only records matching specified conditions.

300

Which query is written in CQL?

A: event_simpleName=NetworkConnect* | stats count by RemotePort

B: | groupBy(RemotePort, limit=max) | sort(_count, order=asc, limit=1000)

B

300

What is the query used to find Scheduled Tasks?

Event_simpleName = ScheduledTaskRegistered | search TaskName


300

What query filter would you use for file hashes?

Sha256HashData

300

In CrowdStrike, where do you navigate to use the queries found in our reports?

Advanced Event Search