Initial public release of RootA, a public-domain language of threat detection and response that combines native queries from a SIEM, EDR, XDR, or Data Lake with standardized metadata and threat intelligence to enable automated translation into other languages.
This release includes the initial version of the RootA specification, a description of core capabilities, and examples.
Supported native languages of the query in the `detection` section when translating from RootA in Uncoder IO:

- Microsoft Sentinel Query (`sentinel-kql-query`)
- Splunk Query (`splunk-spl-query`)
- CrowdStrike Query (`crowdstrike-spl-query`)
- Elasticsearch Query (`elastic-lucene-query`)
- AWS OpenSearch Query (`opensearch-lucene-query`)
- Falcon LogScale Query (`logscale-lql-query`)
- Microsoft Defender for Endpoint Query (`mde-kql-query`)
- IBM QRadar Query (`qradar-aql-query`)
- AWS Athena Query (Security Lake) (`athena-sql-query`)
- Chronicle Security Query (`chronicle-yaral-query`)