README.md: 7 additions & 7 deletions
@@ -22,10 +22,10 @@ The objective of RootA is to accelerate the global cyber industry collaboration.
22
22
23
23
- RootA is expressed using **YAML**, a wide-spread, easy-to-write and human-readable format.
24
24
-**Use any query language** for detection, Uncoder.IO will take care of the translation.
25
-
-**Correlation support.**Equally supporting stateful and stateless detection logic, in order to make detection logic harder to bypass by the attackers, more compute efficient and future proof.
25
+
-**Correlation support.**Common correlations are supported by RootA in order to make detection logic harder to bypass by the attackers, more compute efficient and future proof.
26
26
-**Log sources** can be explicitly or implicitly defined in the native query itself or in the customizable `logsource` field.
27
-
- RootA syntax fully accommodates **OCSF** and **Sigma rules** as taxonomy, making it fast to learn, easy to read and share, and providing maximum compatibility for Detection Engineers.
28
-
-**Threat Actor Timeline.** While Actors change, behaviours stay the same. RootA supports an additional threat intelligence layer for CERTs, NCSCs, ISACs, MDRs, and Defence Agencies, to coordinate defence faster and with greater precision.
27
+
- RootA syntax fully accommodates **OCSF** and **Sigma** as taxonomy, making it fast to learn, easy to read and share, and providing maximum compatibility for Detection Engineers.
28
+
-**Threat Actor Timeline.** While Actors change, behaviours often stay the same. RootA supports an additional threat intelligence layer for CERTs, NCSCs, ISACs, MDRs, and Defence Agencies, to coordinate defence faster and with greater precision.
29
29
-**Mapping to TTPs.** Link detection logic to related tactics, techniques, and procedures in terms of MITRE ATT&CK®. Use custom tags to make the mapping even more tailored and detailed.
30
30
-**Response as Code.** With enough community members and industry adoption, the next step after detection is sharing the code to automate response.
31
31
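Review bot: the replacement "Correlation support" line keeps the formatting defect of the line it replaces: there is no space after the closing bold marker, so `**Correlation support.**Common correlations are supported by RootA` renders with the period glued to the next word, and the same applies to the rewritten `**Threat Actor Timeline.**` line further down; suggest `**Correlation support.** Common correlations are supported by RootA ...`. Substantively, swapping "Equally supporting stateful and stateless detection logic" for "Common correlations" removes the only concrete statement about which correlation forms the format handles, which is the detail a detection engineer evaluating RootA would look for; name the supported correlation types or link the specification section instead of leaving "common" undefined. While touching the line, hyphenate "compute-efficient" and "future-proof", and check that the bullet lines that begin `-**` in the source really have a space between the dash and the bold marker, since without one they will not render as list items.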
@@ -133,7 +133,7 @@ We are genuinely grateful to security professionals who contribute their time, e
133
133
The contents of this repo, along with RootA specifications, are in the public domain.
134
134
135
135
## Resources & Useful Links
136
-
[RootA.IO](https://roota.io/) - the main website page
137
-
[RootA Discord Channel](https://tdm.socprime.com/zeptolink/5IAokHui2iWUHaB8/) - join Discord channel to network with RootA enthusiasts
138
-
[Uncoder.IO](https://uncoder.io/) - free online translation engine for RootA, Sigma, and IOC-based queries
139
-
[Uncoder AI](https://tdm.socprime.com/uncoder-ai) - SaaS version of Uncoder acting as advanced IDE for detection engineering
136
+
[RootA.IO](https://roota.io/) - the main website page of the RootA project
137
+
[Uncoder.IO](https://github.com/UncoderIO/UncoderIO/) - source code for translation engine Uncoder.IO which supports RootA, Sigma and IOC packaging into specific SIEM, EDR and Data Lake query formats
138
+
[Uncoder.IO](https://uncoder.io/) - private hosted version of Uncoder.IO since 2018, operated by SOC Prime, does not track you, does not see your code
139
+
[RootA Discord Channel](https://tdm.socprime.com/zeptolink/5IAokHui2iWUHaB8/) - Discord channel to network with RootA enthusiasts
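Review bot: the rewritten list introduces two entries with identical link text `[Uncoder.IO]` that point at different targets, the GitHub source tree and the hosted service, which is hard to scan and ambiguous when cited; use distinct labels, for example `[Uncoder.IO source code](https://github.com/UncoderIO/UncoderIO/)` and `[Uncoder.IO hosted service](https://uncoder.io/)`. The previous `[Uncoder AI](https://tdm.socprime.com/uncoder-ai)` entry is dropped without a stated reason; if the removal is intentional, record it in the commit message rather than leaving readers of the history to guess. The description "does not track you, does not see your code" is a privacy claim the README cannot substantiate on its own; link to the policy or design documentation that backs it, or soften the wording to what the project can actually demonstrate.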