An IDE and translation engine for detection engineers and threat hunters. Be faster, write smarter, keep 100% privacy.
!= operator in Splunk queries and improved the logic of processing other operators
level field into some platforms and not operator
!=, >, <, >=, and <= operators for Splunk, Microsoft Sentinel, Falcon LogScale, Chronicle Security, and IBM QRadar
>, <, >=, and <= operators for Elasticsearch
//i operator
threat field
tags field when translating
| where operator in translations from RootA with a Microsoft Sentinel query into Splunk
| where operator instead of and
Public beta release. Core capabilities:
RootA and Sigma Rules can be translated into the following language formats:
opensearch-lucene-query
athena-sql-query
logscale-lql-query
logscale-lql-rule
splunk-spl-query
splunk-spl-rule
sentinel-kql-query
sentinel-kql-rule
mde-kql-query
qradar-aql-query
crowdstrike-spl-query
elastic-lucene-query
elastic-lucene-rule
sigma-yml-rule
chronicle-yaral-query
chronicle-yaral-rule
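The operator changes listed above and the target formats in this list both come down to one job a translation engine has to do: render the same rule condition in each platform's comparison syntax. The sketch below is an added illustration, not Uncoder's or SOC Prime's code; the Condition type, the three rendering functions and the sample conditions are assumptions, and only three of the target identifiers are covered. It shows why Elasticsearch got only >, <, >= and <= here: Lucene has no != operator, so a negation has to be rewritten as NOT field:value.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Union

Value = Union[str, int, float]


@dataclass(frozen=True)
class Condition:
    """One comparison from a rule: field, operator, literal (assumed IR)."""
    field: str
    op: str  # one of ==, !=, >, <, >=, <=
    value: Value


def _quote(value: Value) -> str:
    return f'"{value}"' if isinstance(value, str) else str(value)


def to_splunk(c: Condition) -> str:
    # SPL search syntax writes equality as a single '='; the rest map 1:1.
    return f"{c.field}{'=' if c.op == '==' else c.op}{_quote(c.value)}"


def to_sentinel(c: Condition) -> str:
    # KQL keeps C-style operators; the caller wraps the result in '| where'.
    return f"{c.field} {c.op} {_quote(c.value)}"


def to_lucene(c: Condition) -> str:
    # Lucene has no '!=': negate a positive term with NOT instead.
    # Ranges use the field:>10 shorthand and only make sense for numbers.
    if c.op == "==":
        return f"{c.field}:{_quote(c.value)}"
    if c.op == "!=":
        return f"NOT {c.field}:{_quote(c.value)}"
    if isinstance(c.value, str):
        raise ValueError(f"Lucene range operator {c.op!r} needs a numeric value")
    return f"{c.field}:{c.op}{c.value}"


# Target ids taken from the format list; each maps to (renderer, joiner, prefix).
TARGETS: Dict[str, tuple] = {
    "splunk-spl-query": (to_splunk, " AND ", ""),
    "sentinel-kql-query": (to_sentinel, " and ", "| where "),
    "elastic-lucene-query": (to_lucene, " AND ", ""),
}


def translate(conds: List[Condition], target: str) -> str:
    """Render an AND-ed list of conditions in the chosen target syntax."""
    if target not in TARGETS:
        raise ValueError(f"unsupported target {target!r}")
    render, joiner, prefix = TARGETS[target]
    return prefix + joiner.join(render(c) for c in conds)
```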
IOC-based queries can be generated in the following formats:
sentinel-kql-query
mde-kql-query
splunk-spl-query
crowdstrike-spl-query
elastic-lucene-query
opensearch-lucene-query
logscale-lql-query
qradar-aql-query
athena-sql-query
chronicle-yaral-query
The following types of IOCs are supported: