RootA is a public-domain language of threat detection and response that combines native queries from a SIEM, EDR, XDR, or Data Lake with standardized metadata and threat intelligence to enable automated translation into other languages.
Initial public release of RootA. This release includes the initial version of the RootA specification, a description of core capabilities, and examples.
Supported native languages of the query in the detection section when translating from RootA in Uncoder IO:

- sentinel-kql-query
- splunk-spl-query
- crowdstrike-spl-query
- elastic-lucene-query
- opensearch-lucene-query
- logscale-lql-query
- mde-kql-query
- qradar-aql-query
- athena-sql-query
- chronicle-yaral-query