v.1.0.0 beta
Public beta release. Core capabilities:
- Translation from Sigma Rules, a generic rule format for SIEM systems, to specific SIEM, EDR, and Data Lake languages.
- IOC packaging from any non-binary format such as PDF, text, STIX, or OpenIOC to specific SIEM, EDR, and Data Lake languages.
- Translation from RootA Rules, the newly released language for collective cyber defense, to specific SIEM, EDR, and Data Lake languages. Currently, only the basic syntax without complex functions is supported.
RootA and Sigma Rules can be translated into the following language formats:
- AWS OpenSearch Query - opensearch-lucene-query
- AWS Athena Query (Security Lake) - athena-sql-query
- Falcon LogScale Query - logscale-lql-query
- Falcon LogScale Rule - logscale-lql-rule
- Splunk Query - splunk-spl-query
- Splunk Alert - splunk-spl-rule
- Microsoft Sentinel Query - sentinel-kql-query
- Microsoft Sentinel Rule - sentinel-kql-rule
- Microsoft Defender for Endpoint Query - mde-kql-query
- IBM QRadar Query - qradar-aql-query
- CrowdStrike Query - crowdstrike-spl-query
- Elasticsearch Query - elastic-lucene-query
- Elasticsearch Rule - elastic-lucene-rule
- Sigma Rule - sigma-yml-rule
- Chronicle Security Query - chronicle-yaral-query
- Chronicle Security Rule - chronicle-yaral-rule
IOC-based queries can be generated in the following formats:
- Microsoft Sentinel Query - sentinel-kql-query
- Microsoft Defender for Endpoint Query - mde-kql-query
- Splunk Query - splunk-spl-query
- CrowdStrike Query - crowdstrike-spl-query
- Elasticsearch Query - elastic-lucene-query
- AWS OpenSearch Query - opensearch-lucene-query
- Falcon LogScale Query - logscale-lql-query
- IBM QRadar Query - qradar-aql-query
- AWS Athena Query (Security Lake) - athena-sql-query
- Chronicle Security Query - chronicle-yaral-query
The following types of IOCs are supported:
- Hash
- Domain
- URL
- IP