Learning CrowdStrike CQL: Threat Hunting in Falcon NG-SIEM

Tracking a simulated multi-stage intrusion from initial access through ransomware deployment using CrowdStrike Query Language (CQL) in Falcon’s Advanced Event Search.