Cortex XQL for VSCode

Cortex XQL for VSCode is a lightweight Visual Studio Code extension that provides complete syntax highlighting for XQL (Cortex XDR Query Language).

This extension ensures accurate and native-looking colorization of XQL queries, making it easier to write, review, and maintain queries for Cortex XDR.

Features

• Highlights XQL stages (e.g., alter, filter, join, sort, dedup, etc.).
• Highlights built-in XQL functions (e.g., count, avg, json_extract, regexcapture, etc.).
• Highlights operators (e.g., AND, OR, NOT, =, !=, >, <, >=, <=).
• Highlights constants (true, false, null).
• Highlights custom xdm.field.subfield structures automatically.
• Highlights field names in [STRING: key=value] structures.
• Captures and highlights variables (words) before assignment (key=value).
• Native support for common VSCode color themes (Dark+, Light+, etc.).

Usage

Simply install the extension, open any file with the .xql extension, and enjoy full syntax highlighting.

Supported file extensions:

• .xql

Snippets

Common XQL stages are available as code snippets:

• filter → Insert a filter block.
• join → Insert a join stage.
• alter → Insert an alter block.

Type the snippet prefix and hit Tab to expand.

Installation

From VSIX:

1. Download the .vsix file.
2. Open VSCode → Extensions → Install from VSIX....
3. Select the file and install.

From Marketplace (after publication):

1. Open VSCode.
2. Go to Extensions (Ctrl+Shift+X).
3. Search for XQL Syntax Highlighting.
4. Click Install.

Requirements

No special requirements or additional plugins.

Known Issues

• Complex expressions in certain special formats (rare) may require future improvement.
• Auto-complete for field names (xdm.source.ipv4) is not yet implemented.

Release Notes

0.1.0

• Initial release with full syntax highlighting for XQL queries.

License

This project is licensed under the MIT License.

Author

Created by Jeki Angel.
Connect with me on LinkedIn.

Enjoy coding in XQL! 🚀