v.1.0.0 beta


@UncoderIO released this 23 Nov 12:50
· 778 commits to main since this release
f47a762
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23 (Verified, Expired)

Public beta release. Core capabilities:

  • Translation from Sigma Rules, a generic rule format for SIEM systems, to specific SIEM, EDR, and Data Lake languages.
  • IOC packaging from any non-binary format such as PDF, text, STIX, or OpenIOC to specific SIEM, EDR, and Data Lake languages.
  • Translation from RootA Rules, the newly released language for collective cyber defense, to specific SIEM, EDR, and Data Lake languages. Currently, only the basic syntax without complex functions is supported.

RootA and Sigma Rules can be translated into the following language formats:

  • AWS OpenSearch Query - opensearch-lucene-query
  • AWS Athena Query (Security Lake) - athena-sql-query
  • Falcon LogScale Query - logscale-lql-query
  • Falcon LogScale Rule - logscale-lql-rule
  • Splunk Query - splunk-spl-query
  • Splunk Alert - splunk-spl-rule
  • Microsoft Sentinel Query - sentinel-kql-query
  • Microsoft Sentinel Rule - sentinel-kql-rule
  • Microsoft Defender for Endpoint Query - mde-kql-query
  • IBM QRadar Query - qradar-aql-query
  • CrowdStrike Query - crowdstrike-spl-query
  • Elasticsearch Query - elastic-lucene-query
  • Elasticsearch Rule - elastic-lucene-rule
  • Sigma Rule - sigma-yml-rule
  • Chronicle Security Query - chronicle-yaral-query
  • Chronicle Security Rule - chronicle-yaral-rule

IOC-based queries can be generated in the following formats:

  • Microsoft Sentinel Query - sentinel-kql-query
  • Microsoft Defender for Endpoint Query - mde-kql-query
  • Splunk Query - splunk-spl-query
  • CrowdStrike Query - crowdstrike-spl-query
  • Elasticsearch Query - elastic-lucene-query
  • AWS OpenSearch Query - opensearch-lucene-query
  • Falcon LogScale Query - logscale-lql-query
  • IBM QRadar Query - qradar-aql-query
  • AWS Athena Query (Security Lake) - athena-sql-query
  • Chronicle Security Query - chronicle-yaral-query

The following types of IOCs are supported:

  • Hash
  • Domain
  • URL
  • IP
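
As an added illustration of the IOC packaging step described above (example code, not Uncoder IO's own implementation), the sketch below pulls the four supported IOC types out of a constructed, defanged report fragment and emits mde-kql-query style hunting queries; the DeviceFileEvents/DeviceNetworkEvents tables and their columns are an assumption made for illustration.

```python
import re
from typing import Dict, List

# Constructed sample: a fragment of a threat report with defanged indicators.
SAMPLE_REPORT = """
The loader beacons to hxxp://files.example-bad[.]test/stage2.bin and
resolves cdn.example-bad[.]test (203.0.113.45). Dropped payload:
SHA256 44d88612fea8a8f36de82e1278abb02f0c78a5b6a7d1e3f1d3e4f5a6b7c8d9e0
and MD5 d41d8cd98f00b204e9800998ecf8427e.
"""

# Longest hash length first so a SHA256 is not split into shorter matches.
HASH_RE = re.compile(r"\b(?:[a-fA-F0-9]{64}|[a-fA-F0-9]{40}|[a-fA-F0-9]{32})\b")
URL_RE = re.compile(r"https?://[^\s)\]]+", re.IGNORECASE)
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)


def refang(text: str) -> str:
    """Undo the defanging reports use (hxxp, [.]) so values match real telemetry."""
    return re.sub(r"hxxp", "http", text.replace("[.]", "."), flags=re.IGNORECASE)


def extract_iocs(text: str) -> Dict[str, List[str]]:
    """Extract hash, URL, IP and domain IOCs. URLs are blanked out before the
    domain scan so path components such as stage2.bin are not misread as hosts."""
    text = refang(text)
    urls = URL_RE.findall(text)
    rest = URL_RE.sub(" ", text)
    return {
        "hash": sorted(set(HASH_RE.findall(rest))),
        "url": sorted(set(urls)),
        "ip": sorted(set(IP_RE.findall(rest))),
        "domain": sorted(set(DOMAIN_RE.findall(rest))),
    }


def kql_list(values: List[str]) -> str:
    """Render a KQL string list, escaping embedded double quotes."""
    return ", ".join('"' + v.replace('"', '\\"') + '"' for v in values)


def to_mde_kql(iocs: Dict[str, List[str]]) -> List[str]:
    """Package IOCs as KQL queries (table/column names are an assumption here)."""
    queries = []
    if iocs["hash"]:
        h = kql_list(iocs["hash"])
        queries.append(f"DeviceFileEvents\n| where SHA256 in~ ({h}) or SHA1 in~ ({h}) or MD5 in~ ({h})")
    if iocs["domain"] or iocs["url"]:
        queries.append(f"DeviceNetworkEvents\n| where RemoteUrl has_any ({kql_list(iocs['domain'] + iocs['url'])})")
    if iocs["ip"]:
        queries.append(f"DeviceNetworkEvents\n| where RemoteIP in ({kql_list(iocs['ip'])})")
    return queries
```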