Talon CQL

Syntax highlighting for CrowdStrike CQL (LogScale Query Language) in code blocks.

Overview
Scorecard
Updates3

Obsidian plugin — syntax highlighting for CrowdStrike CQL (LogScale Query Language)

Threat hunters who document their work in Obsidian — playbooks, runbooks, DFIR notes — can now get proper syntax highlighting for embedded CQL queries. No equivalent plugin exists in the Obsidian community.

Talon CQL syntax highlighting

Usage

```cql
#event_simpleName=ProcessRollup2
ImageFileName=/powershell\.exe/i
| groupBy([ComputerName, CommandLine], function=count())
| sort(count, order=desc)
```

Also accepts ```logscale as an alias.

Works in both reading mode and editing mode.

Install

Community Plugin

Install from the Obsidian Community Plugins directory, or search for Talon CQL in Settings → Community Plugins.

Manual

Download main.js, manifest.json, styles.css from the latest release
Create .obsidian/plugins/talon-cql/ in your vault
Copy the three files there
Enable in Settings → Community Plugins

What gets highlighted

Token	Example
Event fields	`#event_simpleName`, `#aid`, `#cid`
Built-in functions	`groupBy`, `eval`, `timeChart`, `join`
Namespaced functions	`array:contains`, `math:abs`, `time:hour`
Keywords	`case`, `and`, `or`, `not`, `asc`, `desc`
Operators	`\|` `:=` `=~` `!=` `<=` `>=`
Strings	`"double"` `'single'`
Regex literals	`/pattern/i`
Numbers	`42`, `3.14`
Comments	`//` and `/* */`

Query Templates

Ready-to-use hunting queries in templates/:

File	Content
`process-hunting.cql`	LOLBins, encoded PowerShell, parent-child chains
`network-hunting.cql`	Beaconing, suspicious ports, geo anomalies
`identity-hunting.cql`	Brute force, off-hours logons, LSASS access

Build

npm install
npm run build   # production → generates main.js
npm run dev     # watch mode for development

References

License

MIT

98%

HealthExcellent

ReviewPassed

About

Add syntax highlighting for CrowdStrike CQL (LogScale Query Language) in Obsidian, working in both edit and preview modes and accepting the alias "logscale". Highlight event fields, built-in and namespaced functions, keywords, operators, strings, regex, numbers and comments, and include ready-to-use hunting query templates.

Syntax Languages

Details

Current version

0.1.2

Last updated

16 hours ago

Created

Yesterday

Updates

3 releases

Downloads

Compatible with

Obsidian 1.0.0+

Platforms

Desktop, Mobile

License

MIT

Author

Caio Lopesclivoa

clivoa

Install

Community Plugin

Install from the Obsidian Community Plugins directory, or search for Talon CQL in Settings → Community Plugins.

Manual

Download main.js, manifest.json, styles.css from the latest release

Create .obsidian/plugins/talon-cql/ in your vault

Copy the three files there

Enable in Settings → Community Plugins

What gets highlighted

Token

Example

Event fields

#event_simpleName, #aid, #cid

Built-in functions

groupBy, eval, timeChart, join

Namespaced functions

array:contains, math:abs, time:hour

Keywords

case, and, or, not, asc, desc

Operators

| := =~ != <= >=

Strings

"double" 'single'

Regex literals

/pattern/i

Numbers

42, 3.14

Comments

// and /* */

File

Content

process-hunting.cql

LOLBins, encoded PowerShell, parent-child chains

network-hunting.cql

Beaconing, suspicious ports, geo anomalies

identity-hunting.cql

Brute force, off-hours logons, LSASS access

Talon CQL

Usage

Install

Community Plugin

Manual

What gets highlighted

Query Templates

Build

References

License

Talon CQL

Usage

Install

Community Plugin

Manual

What gets highlighted

Query Templates

Build

References

License

Related plugins

GDScript Syntax Highlighting

CodeSuite

Simplified Chinese Word Splitting

Easy Typing

LanguageTool

VSCode Editor

Fountain Editor

Dictionary

Shiki Highlighter

YouVersion Linker