Skip to content

v.1.0.0

Latest
Compare
Choose a tag to compare
@UncoderIO UncoderIO released this 23 Nov 12:54
· 36 commits to main since this release
3fb1a96

Initial public release of RootA, a public-domain language of threat detection and response that combines native queries from a SIEM, EDR, XDR, or Data Lake with standardized metadata and threat intelligence to enable automated translation into other languages.

This release includes the initial version of the RootA specification, a description of core capabilities, and examples.

Supported native languages of the query in the detection section when translating from RootA in Uncoder IO:

  • Microsoft Sentinel Query (sentinel-kql-query)
  • Splunk Query (splunk-spl-query)
  • CrowdStrike Query (crowdstrike-spl-query)
  • Elasticsearch Query (elastic-lucene-query)
  • AWS OpenSearch Query (opensearch-lucene-query)
  • Falcon LogScale Query (logscale-lql-query)
  • Microsoft Defender for Endpoint Query (mde-kql-query)
  • IBM QRadar Query (qradar-aql-query)
  • AWS Athena Query (Security Lake) (athena-sql-query)
  • Chronicle Security Query (chronicle-yaral-query)