README.md
Lines changed: 3 additions & 9 deletions
@@ -35,13 +35,9 @@ RootA is designed to welcome all members of cyber defence industry, maximising t
35
35
-**Mapping to TTPs.** Link detection logic to related tactics, techniques, and procedures in terms of MITRE ATT&CK®. Use custom tags to make the mapping even more tailored and detailed.
36
36
-**Response as Code.** With enough community members and industry adoption, the next step after detection is sharing the code to automate response.
37
37
38
-
### Community Collaboration
39
-
-**Use Case Documentation.** Relying on the RootA language, cyber defenders can seamlessly document and share their threat research in a universal format describing the whole use case enriched with CTI, ATT&CK tagging, and other relevant fields.
40
-
-**Knowledge Sharing.** RootA enables defenders to share vendor-agnostic use cases enriched with comprehensive metadata rather than mere detection logic to foster global information exchange among industry peers.
41
-
-**Collective Cyber Defense.** Despite all cyber defenders having a common goal, they tend to speak different languages. To bridge this gap, we’ve created RootA, a single language for threat detection and response.
42
-
43
38
## Writing RootA Rules
44
-
You can start writing RootA rules in any code editor that supports YAML. We recommend using Uncoder IO which aggregates built-in RootA templates to streamline your detection engineering process.
39
+
You can start writing RootA rules in any code editor that supports YAML.
40
+
To translate RootA rules to other languages use Uncoder.IO by building it from source https://github.com/UncoderIO/UncoderIO or hosted online privately by SOC Prime since 2018 at https://uncoder.io
45
41
46
42
RootA is designed with broad customization opportunities. Use the RootA minimal template if you just need to capture seamless cross-platform query translation into any SIEM, EDR, or XDR native format. Alternatively, apply full or short RootA templates to document your security use case in detail and share the research with peers.
47
43
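Review bot: the "Mapping to TTPs." and "Response as Code." paragraphs and the whole "### Community Collaboration" section are deleted with nothing replacing them, yet the unchanged context at line 42 still tells readers to "apply full or short RootA templates to document your security use case in detail", which is exactly what the removed text explained (ATT&CK tagging, CTI enrichment, custom tags). If ATT&CK mapping is still part of the templates, keep at least a one-line mention of it under "Writing RootA Rules"; if it was dropped from the spec, say so in the commit message. On the added line 40, the product name is spelled "Uncoder.IO" here but "Uncoder IO" in the removed line 44 and "Uncoder.IO" again in the Resources section, so pick one spelling; the sentence also needs punctuation and a clearer phrasing, for example: "To translate RootA rules to other languages, use Uncoder.IO, either built from source (https://github.com/UncoderIO/UncoderIO) or as the hosted service at https://uncoder.io." As written, "hosted online privately by SOC Prime since 2018" is ambiguous about whether the hosted instance is publicly usable. Finally, the removed line 44 said that Uncoder IO ships "built-in RootA templates"; since the new line 39 no longer points readers to any template source, consider saying where the minimal, short and full templates referenced on line 42 live.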
@@ -139,9 +135,7 @@ We are genuinely grateful to security professionals who contribute their time, e
139
135
The contents of this repo, along with RootA specifications, are in the public domain.
140
136
141
137
## Resources & Useful Links
142
-
[RootA.IO](https://roota.io/) - the main website page of the single language for threat detection & response
138
+
[RootA.IO](https://roota.io/) - the main website page
143
139
[RootA Discord Channel](https://tdm.socprime.com/zeptolink/5IAokHui2iWUHaB8/) - join Discord channel to network with RootA enthusiasts
144
140
[Uncoder.IO](https://uncoder.io/) - free online translation engine for RootA, Sigma, and IOC-based queries
145
141
[Uncoder AI](https://tdm.socprime.com/uncoder-ai) - SaaS version of Uncoder acting as advanced IDE for detection engineering
146
-
[SOC Prime Platform](https://tdm.socprime.com/login) - the industry-first platform for collective cyber defense
147
-
[About SOC Prime](https://socprime.com/) - learn more about SOC Prime and its mission
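Review bot: removing the blank lines at old lines 142, 146 and 147 leaves all six resource links on consecutive lines with no list markers, and GitHub's README rendering treats a single newline as a soft break, so the links will collapse into one paragraph (old lines 143 to 145 were already affected). Prefix each entry with "- " so it renders as a bullet list, for example "- [RootA.IO](https://roota.io/) - the main website page", or restore the blank lines. The shortened RootA.IO description at new line 138 is fine, but with the "single language for threat detection & response" tagline now gone from both this section and the deleted "Collective Cyber Defense" paragraph, the README no longer states anywhere what RootA is a language for.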