LQL Overview
https://docs.lacework.net/lql/restricted/lql-overview

The Lacework Query Language (LQL) is an SQL-like query language for specifying the selection, filtering, and manipulation of data. Queries let you interactively request information from curated datasources. Queries have a defined structure for authoring detections.

LQL enables you to find non-compliant resources or suspicious activity by querying data ingested from cloud providers, Kubernetes, CloudTrail activity logs, and the Lacework agent. Then you can associate queries with policies, which contain rich reporting metadata.

 

LQL Operators
https://docs.lacework.net/lql/restricted/lql-operators

LQL uses conventional SQL notation for arithmetic, comparisons, and logical operations.

 

LQL Functions
https://docs.lacework.net/lql/restricted/lql-functions

This topic lists all Lacework Query Language functions alphabetically.

 

Datasource Metadata
https://docs.lacework.net/lql/restricted/datasource-metadata

This topic lists the datasources and metadata supported by the Lacework Policy Platform.

 

Relative Time Specifiers for LQL Queries
https://docs.lacework.net/cli/cli-time-format#relative-time-specifiers-for-lql-queries

Relative times allow you to represent time values dynamically, using specifiers that represent an offset from the current time. For instance, a relative time of -24h produces a date/time that is 24 hours before the current time. Relative times can also snap to a particular time. For instance, a relative time of @d represents the start of the current day.

Agent: N/A

Platform: Using Lacework/Operationalizing

Cloud: N/A

To learn more about LQL, check out our Best Practice Guide on the Lacework Practitioner Tools:

https://community.lacework.com/best-practice-guide-99
