RootA Versions

RootA is a public-domain language for threat detection and response. It combines native queries from a SIEM, EDR, XDR, or Data Lake with standardized metadata and threat intelligence so that rules can be translated automatically into other query languages.

1.0.0

6 months ago

Initial public release of RootA, a public-domain language for threat detection and response that combines native queries from a SIEM, EDR, XDR, or Data Lake with standardized metadata and threat intelligence to enable automated translation into other query languages.

This release includes the initial version of the RootA specification, a description of core capabilities, and examples.

Native query languages supported in the detection section of a RootA rule when translating from RootA in Uncoder IO (the identifier in parentheses is the value used for the language field):

  • Microsoft Sentinel Query (sentinel-kql-query)
  • Splunk Query (splunk-spl-query)
  • CrowdStrike Query (crowdstrike-spl-query)
  • Elasticsearch Query (elastic-lucene-query)
  • AWS OpenSearch Query (opensearch-lucene-query)
  • Falcon LogScale Query (logscale-lql-query)
  • Microsoft Defender for Endpoint Query (mde-kql-query)
  • IBM QRadar Query (qradar-aql-query)
  • AWS Athena Query (Security Lake) (athena-sql-query)
  • Chronicle Security Query (chronicle-yaral-query)