Initial public release of RootA, a public-domain language of threat detection and response that combines native queries from a SIEM, EDR, XDR, or Data Lake with standardized metadata and threat intelligence to enable automated translation into other languages.
This release includes the initial version of the RootA specification, a description of core capabilities, and examples.
Supported native languages of the query in the detection section when translating from RootA in Uncoder IO:
- Microsoft Sentinel Query (
sentinel-kql-query) - Splunk Query (
splunk-spl-query) - CrowdStrike Query (
crowdstrike-spl-query) - Elasticsearch Query (
elastic-lucene-query) - AWS OpenSearch Query (
opensearch-lucene-query) - Falcon LogScale Query (
logscale-lql-query) - Microsoft Defender for Endpoint Query (
mde-kql-query) - IBM QRadar Query (
qradar-aql-query) - AWS Athena Query (Security Lake) (
athena-sql-query) - Chronicle Security Query (
chronicle-yaral-query)