Welcome to the CQL-Hub Backend Repository
This repository powers cql-hub.com, a free, community-driven hub for CrowdStrike Falcon SIEM queries.
All queries stored here are automatically published and made visible on the CQL-Hub website, making it easier for everyone to discover, share, and use detection and hunting queries.
- Community-first: Contributions from security practitioners worldwide.
- Free & Open: All queries are open source and available for everyone to use.
- Structured & Searchable: Queries are stored in YAML format with metadata, making them easy to filter, search, and organize on cql-hub.com.
- Visit cql-hub.com to browse and search the queries.
- Copy the CQL into Falcon SIEM, or select your Falcon region and hit "Run Query in Falcon".
We welcome contributions from the community!
- If you want to submit a new query, please read our Contributing Guide.
- Use the CQL Hub YAML Builder to create queries in the correct format.
- Queries submitted here will automatically appear on the CQL-Hub site once merged.
This repository is released under the MIT License.
All queries are free to use, share, and adapt. Attribution is appreciated.