You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+6-6
Original file line number
Diff line number
Diff line change
@@ -8,7 +8,7 @@
8
8
Uncoder IO is an open-source version of it's SaaS counterpart https://uncoder.io and its AI co-pilot version Uncoder AI. Since 2018, Uncoder IO has been a fast, private, and easy-to-use online translator for Sigma Rules, maintaining 100% privacy of its users. An open-source Uncoder IO expands use cases into the following:
9
9
- Translation from Sigma Rules, a generic rule format for SIEM systems, to specific SIEM, EDR, and Data Lake languages
10
10
- IOC packaging from any non-binary format such as PDF, text, STIX, or OpenIOC to specific SIEM, EDR, and Data Lake languages
11
-
- Translation from Roota Rules, the newly released language for collective cyber defense, to specific SIEM, EDR, and Data Lake languages.
11
+
- Translation from [Roota](https://github.com/UncoderIO/RootA/blob/main/README.md) Rules, the newly released language for collective cyber defense, to specific SIEM, EDR, and Data Lake languages.
12
12
13
13
Uncoder is developed by a team of Detection Engineers, Threat Hunters, and CTI Analysts from Ukraine, Europe, USA, Argentina, and Australia to perform their daily job and nightly cyber defense hobbies faster & better, making their outcomes easier to share for the collective good.
14
14
@@ -31,14 +31,14 @@ Uncoder is developed by a team of Detection Engineers, Threat Hunters, and CTI A
31
31
32
32
## :pretzel: Roota & Sigma Translation Engine
33
33
34
-
Uncoder IO supports automated translation of Roota and Sigma rules into multiple SIEM, EDR, XDR, and Data Lake formats.
34
+
Uncoder IO supports automated translation of [Roota](https://github.com/UncoderIO/RootA/blob/main/README.md) and Sigma rules into multiple SIEM, EDR, XDR, and Data Lake formats.
35
35
-**Sigma** is a generic and open signature format that allows you to describe relevant log events in a straightforward manner, which received industry adoption across 155 countries by over 8000 organizations according to SOC Prime's download and translation statistics.
36
36
37
-
- **Roota** is an open-source language that supports query definition directly in specific SIEM languages, vendor-agnostic correlation syntax, MITRE ATT&CK 14.0 for code autocompletion, and log source taxonomy autocomplete function based on Amazon's OCSF or Sigma. Roota+Uncoder serve as the first bridge towards full cyber security languages compatibility, where one day, knowing one specific language (say SPL or KQL) or generic language (say Roota or Sigma) would mean that you have master expertise in them all. This way, your complex detection logic can be rendered in other languages in an automated fashion. In case a native rule or query contains functions unsupported by Roota or target technology, those functions won’t be translated, with a corresponding note appended to the code translation. This is done so that experts can either manually complete translations if they know both source and destination languages, or use Uncoder AI to manually take care of such scenarios. If sharing with Sigma was easy, sharing with Roota is natural and future-proof.
37
+
- **[Roota](https://github.com/UncoderIO/RootA/blob/main/README.md)** is an open-source language that supports query definition directly in specific SIEM languages, vendor-agnostic correlation syntax, MITRE ATT&CK 14.0 for code autocompletion, and log source taxonomy autocomplete function based on Amazon's OCSF or Sigma. Roota+Uncoder serve as the first bridge towards full cyber security languages compatibility, where one day, knowing one specific language (say SPL or KQL) or generic language (say Roota or Sigma) would mean that you have master expertise in them all. This way, your complex detection logic can be rendered in other languages in an automated fashion. In case a native rule or query contains functions unsupported by Roota or target technology, those functions won’t be translated, with a corresponding note appended to the code translation. This is done so that experts can either manually complete translations if they know both source and destination languages, or use Uncoder AI to manually take care of such scenarios. If sharing with Sigma was easy, sharing with Roota is natural and future-proof.
38
38
39
39
## :pizza: Roota & Sigma Rule Editor
40
40
41
-
Uncoder IO supports a built-in Sigma and Roota rules autocompletion wizard suggesting code enhancements with latest MITRE ATT&CK and log source dictionaries to streamline the rule creation process. AI or not, Uncoder is here to make it easier to code.
41
+
Uncoder IO supports a built-in Sigma and [Roota](https://github.com/UncoderIO/RootA/blob/main/README.md) rules autocompletion wizard suggesting code enhancements with latest MITRE ATT&CK and log source dictionaries to streamline the rule creation process. AI or not, Uncoder is here to make it easier to code.
42
42
43
43
## :popcorn: IOC Query Generator
44
44
@@ -49,7 +49,7 @@ Uncoder IO acts as an open-source IOC packager helping CTI and SOC analysts as w
49
49
Uncoder IO can be run on-prem without a need for an internet connection, thus supporting air-gapped network operation. We do however suggest checking for updates and deploying them regularly. Meanwhile, a SaaS version still ensures 100% privacy with no cookie tracking, no data or code logging, or sharing with third parties. Even with options for Uncoder AI functions, you are always in control of your code and data.
50
50
51
51
# :dna: Supported Language Formats
52
-
Roota and Sigma Rules can be translated into the following formats:
52
+
[Roota](https://github.com/UncoderIO/RootA/blob/main/README.md) and Sigma Rules can be translated into the following formats:
@@ -182,7 +182,7 @@ If the input rule cannot be translated, you'll see an error message. When transl
182
182
6. Click Translate.
183
183
184
184
## :coffee: Writing rules
185
-
Write a Roota or Sigma rule in the input panel. Benefit from code templates, syntax highlighting, autocomplete suggester with MITRE ATT&CK, and other nice little features that improve coding experience.
185
+
Write a [Roota](https://github.com/UncoderIO/RootA/blob/main/README.md) or Sigma rule in the input panel. Benefit from code templates, syntax highlighting, autocomplete suggester with MITRE ATT&CK, and other nice little features that improve coding experience.
186
186
187
187
# :bulb: How to Contribute
188
188
Thank you for your interest in the Uncoder IO open-source project! Your contribution really matters in evolving the project and helping us make Uncoder IO even more useful for the global cyber defender community.
0 commit comments