No detection rule fired. The hunt found 9 compromised hosts.
Query Workers ran a 7-day Living-off-the-Land hunt across Windows, Linux & AWS — banking trojan, keylogger, staged wiper, all pre-detonation.
Full audit trail: https://t.co/NWUY37lQLQ
#SIEM #cybersecurity
More time is spent pulling data than analyzing it. Each Query Worker automates a SecOps job across every connected source, builds the evidence chain, and flags what it couldn’t verify. Your analysts make the call.
Full investigation gallery: https://t.co/Ur1cZ0MY4V
#AISOC
Query puts your security data to work. 50+ connectors. Unified data model. No pipelines to build or maintain.
Centralize the insights, not the data.
https://t.co/O6dSkxJnQS
'Detection coverage gaps' aren't detection problems. They're ingestion problems.
S3 logs, SaaS audit trails, EDR data tiered to cold — invisible to your SIEM, invisible to your rules.
Federated Detections runs the logic where data lives. No ETL.
https://t.co/OsfPL0d9hH
We gave a Query Worker one prompt: “hunt for OAuth app-consent abuse”
35 mins later:
• 25 federated queries
• 5 production-ready detections
• 3 critical telemetry gaps identified across Entra/JumpCloud/AWS
That’s AI-native threat hunting on the security data mesh.
#AISOC
A Query Worker ran a threat hunt across 5 AWS accounts + Azure from one prompt.
12 queries later it found:
• Read-only roles stopping CloudTrail
• New IAM users created
• Unauthorized admin policy attachments
Then it generated detections + a remediation plan automatically.
What does it cost to index 6 months of CrowdStrike telemetry into Splunk?
More than storing it in S3 and searching it with Query. A lot more.
Dhiraj Sharan walks through how one customer did exactly that:
https://t.co/9YVC0Dv6v1
#cybersecurity #SecDataOps #federatedsearch
Are your SIEM retention periods driven by licensing pressure or investigative need?
20-question self-assessment to find out what your security data architecture is actually costing you: https://t.co/z6zaWHIgnx
#SIEM #cybersecurity #SecDataOps
3 questions you should ask your AI security vendor:
• Can you see the actual query syntax?
• Can you independently rerun searches/verify results?
• Can you see what failed?
Matt Eberhart on why "explainable AI" usually isn't: https://t.co/TBnQHRkcmI
#AISOC #cybersecurity #SIEM
Here's a Worker running a threat hunt for OAuth app-consent abuse across Entra, JumpCloud, and AWS.
Result?
Thirty-five minutes. Structured hypothesis, 25 queries across three platforms, five detections ready for soak, and a gap inventory that makes the next hunt better.
Most AI security agents have a model. They don't have normalized data.
Okta says actor.alternateId. Entra says userPrincipalName. CrowdStrike says something else.
Agents guess. You get silent hallucinations that read well but aren't true.
The fix: https://t.co/Tv2FrVxfHV
We are excited to announce Mike Black as our new Forward Deployed Solutions Architect!
Mike is a seasoned cyber professional with extensive experience getting customers to value.
In this role, Mike will innovate on architectural success with Security Data Mesh clients.
Most security data pipeline projects start with the wrong question:
"How do we move it?" instead of "What does this data need to do once it lands?"
If you move it right, big ROI. If you move it wrong, big mess.
Best practices: https://t.co/7lBiuzl7yr
#SIEM #SecDataOps #cybersecurity
Splunk works. The economics don't.
Stop choosing between visibility and budget. Query federates search across 50+ sources — right from your Splunk console. No migration. No ingestion costs.
https://t.co/fF0W2utjoy
#splunk #SIEM #cybersecurity
Running a threat hunt for cloud API abuse across five AWS accounts and Azure.
1 prompt. 12 queries across five AWS accounts. 4 confirmed findings. 4 detections. And a remediation plan. Full attribution on every result.
That's a Worker running a hunt on the Query security data mesh.
When you can't ingest all the data you need into your SIEM, detection gaps grow.
Query Federated Detections decouples detection from ingestion.
Write detection logic once, execute it directly against wherever the data lives. No data movement or pipeline project.
#cybersecurity
The average analyst experience is like being a flying cow in a tornado movie.
• Average of 11 consoles per investigation
• 20% time lost to manual data aggregation
• 42% of alerts uninvestigated
Want to help your analysts get back on solid ground?
https://t.co/amNFQVj1ie