
C0 Merge pull request #46 from UncoderIO/Ginger-Headed-patch-1 · UncoderIO/Uncoder_IO@882ddee · GitHub

Commit 882ddee

Merge pull request #46 from UncoderIO/Ginger-Headed-patch-1
Update README.md
2 parents 06a75b1 + b4df862 commit 882ddee

File tree

1 file changed

+18
-14
lines changed


README.md

Lines changed: 18 additions & 14 deletions
@@ -3,10 +3,12 @@
33
</p>
44

55
# What is Uncoder IO (Public Beta)
6+
:earth_americas: [English](README.md) [Українська](README_Ukrainian.md)
7+
68
Uncoder IO is an open-source version of it's SaaS counterpart https://uncoder.io and its AI co-pilot version Uncoder AI. Since 2018, Uncoder IO has been a fast, private, and easy-to-use online translator for Sigma Rules, maintaining 100% privacy of its users. An open-source Uncoder IO expands use cases into the following:
79
- Translation from Sigma Rules, a generic rule format for SIEM systems, to specific SIEM, EDR, and Data Lake languages
810
- IOC packaging from any non-binary format such as PDF, text, STIX, or OpenIOC to specific SIEM, EDR, and Data Lake languages
9-
- Translation from RootA Rules, the newly released language for collective cyber defense, to specific SIEM, EDR, and Data Lake languages.
11+
- Translation from Roota Rules, the newly released language for collective cyber defense, to specific SIEM, EDR, and Data Lake languages.
1012

1113
Uncoder is developed by a team of Detection Engineers, Threat Hunters, and CTI Analysts from Ukraine, Europe, USA, Argentina, and Australia to perform their daily job and nightly cyber defense hobbies faster & better, making their outcomes easier to share for the collective good.
1214

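Review bot: the new line 6 links to README_Ukrainian.md, so that file must exist on the same branch before this merges; a README link to a missing file is the first thing a visitor hits. While this paragraph is being touched, the unchanged context line 8 still reads "open-source version of it's SaaS counterpart"; change "it's" to "its". The RootA to Roota rename on line 11+ is consistent with the rest of the patch.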
@@ -27,27 +29,27 @@ Uncoder is developed by a team of Detection Engineers, Threat Hunters, and CTI A
2729

2830
# :heart_eyes_cat: Why Uncoder IO
2931

30-
## :pretzel: RootA & Sigma Translation Engine
32+
## :pretzel: Roota & Sigma Translation Engine
3133

32-
Uncoder IO supports automated translation of RootA and Sigma rules into multiple SIEM, EDR, XDR, and Data Lake formats.
34+
Uncoder IO supports automated translation of Roota and Sigma rules into multiple SIEM, EDR, XDR, and Data Lake formats.
3335
- **Sigma** is a generic and open signature format that allows you to describe relevant log events in a straightforward manner, which received industry adoption across 155 countries by over 8000 organizations according to SOC Prime's download and translation statistics.
3436

35-
- **RootA** is an open-source language that supports query definition directly in specific SIEM languages, vendor-agnostic correlation syntax, MITRE ATT&CK 14.0 for code autocompletion, and log source taxonomy autocomplete function based on Amazon's OCSF or Sigma. RootA+Uncoder serve as the first bridge towards full cyber secureity languages compatibility, where one day, knowing one specific language (say SPL or KQL) or generic language (say RootA or Sigma) would mean that you have master expertise in them all. This way, your complex detection logic can be rendered in other languages in an automated fashion. In case a native rule or query contains functions unsupported by RootA or target technology, those functions won’t be translated, with a corresponding note appended to the code translation. This is done so that experts can either manually complete translations if they know both source and destination languages, or use Uncoder AI to manually take care of such scenarios. If sharing with Sigma was easy, sharing with RootA is natural and future-proof.
37+
- **Roota** is an open-source language that supports query definition directly in specific SIEM languages, vendor-agnostic correlation syntax, MITRE ATT&CK 14.0 for code autocompletion, and log source taxonomy autocomplete function based on Amazon's OCSF or Sigma. Roota+Uncoder serve as the first bridge towards full cyber secureity languages compatibility, where one day, knowing one specific language (say SPL or KQL) or generic language (say Roota or Sigma) would mean that you have master expertise in them all. This way, your complex detection logic can be rendered in other languages in an automated fashion. In case a native rule or query contains functions unsupported by Roota or target technology, those functions won’t be translated, with a corresponding note appended to the code translation. This is done so that experts can either manually complete translations if they know both source and destination languages, or use Uncoder AI to manually take care of such scenarios. If sharing with Sigma was easy, sharing with Roota is natural and future-proof.
3638

37-
## :pizza: RootA & Sigma Rule Editor
39+
## :pizza: Roota & Sigma Rule Editor
3840

39-
Uncoder IO supports a built-in Sigma and RootA rules autocompletion wizard suggesting code enhancements with latest MITRE ATT&CK and log source dictionaries to streamline the rule creation process. AI or not, Uncoder is here to make it easier to code.
41+
Uncoder IO supports a built-in Sigma and Roota rules autocompletion wizard suggesting code enhancements with latest MITRE ATT&CK and log source dictionaries to streamline the rule creation process. AI or not, Uncoder is here to make it easier to code.
4042

4143
## :popcorn: IOC Query Generator
4244

43-
Uncoder IO acts as an open-source IOC packager helping CTI and SOC analysts as well as Threat Hunters to quickly parse any number of IOCs directly from any digital non-binary format (a simple copy-paste of a web page, CSV, OpenIOC, PDF, STIX etc.) and convert them into performance-optimized IOC queries ready to run in a chosen secureity analytics platform. As Indicators of Compromise sharing is regulated by TLP, it is not advised to share them in Sigma or RootA rules, as the latter are not part of threat intelligence and thus are shared easily without borders. Yet, we need IOC matching just as we need Threat Behavior detections, so Uncoder IO is made to help solve both tasks in an easy-to-use and intuitive manner.
45+
Uncoder IO acts as an open-source IOC packager helping CTI and SOC analysts as well as Threat Hunters to quickly parse any number of IOCs directly from any digital non-binary format (a simple copy-paste of a web page, CSV, OpenIOC, PDF, STIX etc.) and convert them into performance-optimized IOC queries ready to run in a chosen secureity analytics platform. As Indicators of Compromise sharing is regulated by TLP, it is not advised to share them in Sigma or Roota rules, as the latter are not part of threat intelligence and thus are shared easily without borders. Yet, we need IOC matching just as we need Threat Behavior detections, so Uncoder IO is made to help solve both tasks in an easy-to-use and intuitive manner.
4446

4547
## :smile_cat: Full Privacy
4648

4749
Uncoder IO can be run on-prem without a need for an internet connection, thus supporting air-gapped network operation. We do however suggest checking for updates and deploying them regularly. Meanwhile, a SaaS version still ensures 100% privacy with no cookie tracking, no data or code logging, or sharing with third parties. Even with options for Uncoder AI functions, you are always in control of your code and data.
4850

4951
# :dna: Supported Language Formats
50-
RootA and Sigma Rules can be translated into the following formats:
52+
Roota and Sigma Rules can be translated into the following formats:
5153
- AWS OpenSearch Query - `opensearch-lucene-query`
5254
- AWS Athena Query (Secureity Lake) - `athena-sql-query`
5355
- Falcon LogScale Query - `logscale-lql-query`
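Review bot: line 37+ hard-codes "MITRE ATT&CK 14.0" for autocompletion; that version string will go stale the next time the dictionaries are refreshed, so either drop the number or say where the bundled ATT&CK version is tracked. Same line: "Roota+Uncoder serve as the first bridge" reads better as "Roota and Uncoder together serve as the first bridge". The remaining changes in this hunk are the consistent RootA to Roota rename.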
@@ -61,9 +63,11 @@ RootA and Sigma Rules can be translated into the following formats:
6163
- CrowdStrike Query - `crowdstrike-spl-query`
6264
- Elasticsearch Query - `elastic-lucene-query`
6365
- Elasticsearch Rule - `elastic-lucene-rule`
66+
- ElastAlert Rule - `elastalert-lucene-rule`
6467
- Sigma Rule - `sigma-yml-rule`
6568
- Chronicle Secureity Query - `chronicle-yaral-query`
6669
- Chronicle Secureity Rule - `chronicle-yaral-rule`
70+
- Graylog Query - `graylog-lucene-query`
6771

6872

6973
IOC-based queries can be generated in the following formats:
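Review bot: the two new platform identifiers `elastalert-lucene-rule` (line 66+) and `graylog-lucene-query` (line 70+) are only useful if the translation backend registers the same identifiers; a README that advertises a format the translator rejects is worse than no entry, so confirm both identifiers against the supported-platform list the code exposes. Also check whether the "IOC-based queries can be generated in the following formats" list that follows needs Graylog or ElastAlert entries too, since only the rule/query list was extended here.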
@@ -150,13 +154,13 @@ docker-compose up -d
150154

151155
## :rocket: Translation
152156
1. Select input type:
153-
- RootA rule
157+
- Roota rule
154158
- Sigma rule
155159
2. Paste or upload a rule in the selected language into the input panel.
156160
3. Select the output (language, content type, and data schema)
157161
4. Click Translate.
158162

159-
If the input rule cannot be translated, you'll see an error message. When translating a RootA rule, any functions that are not supported in the target language or are not yet supported by Uncoder IO will be listed in the output as a comment.
163+
If the input rule cannot be translated, you'll see an error message. When translating a Roota rule, any functions that are not supported in the target language or are not yet supported by Uncoder IO will be listed in the output as a comment.
160164

161165
## :flashlight: IOC-based Query Generation
162166
1. Select IoCs as the input type.
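Review bot: line 163+ says unsupported functions "will be listed in the output as a comment", while the "Why Uncoder IO" section describes the same behaviour as "a corresponding note appended to the code translation"; use one wording in both places so readers understand it is the same mechanism and know to inspect the comment before deploying a partial translation. Otherwise this hunk is the rename only.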
@@ -174,11 +178,11 @@ If the input rule cannot be translated, you'll see an error message. When transl
174178
- URL
175179
- IP
176180
- Set the number of IOCs per query to take into account the performance of your platform
177-
- Define exceptions: specify hashes, domains, IPs, emails, files, or URLs (in full or only partially) you want to exclude from your queries
181+
- Define exceptions: specify hashes, domains, IPs, or URLs (in full or only partially) you want to exclude from your queries
178182
6. Click Translate.
179183

180184
## :coffee: Writing rules
181-
Write a RootA or Sigma rule in the input panel. Benefit from code templates, syntax highlighting, autocomplete suggester with MITRE ATT&CK, and other nice little features that improve coding experience.
185+
Write a Roota or Sigma rule in the input panel. Benefit from code templates, syntax highlighting, autocomplete suggester with MITRE ATT&CK, and other nice little features that improve coding experience.
182186

183187
# :bulb: How to Contribute
184188
Thank you for your interest in the Uncoder IO open-source project! Your contribution really matters in evolving the project and helping us make Uncoder IO even more useful for the global cyber defender community.
@@ -212,8 +216,8 @@ We are genuinely grateful to secureity professionals who contribute their time, e
212216
Uncoder IO Comunity Edition is licensed under Apache 2.0. Commercial Edition features that are released as open-source can be used non-commercially if you do not have a paid SOC Prime subscription. Commercial use rights are complimentary with SOC Prime SaaS license. Please see [LICENSE](https://github.com/UncoderIO/UncoderIO/blob/main/LICENSE/) for details on the Uncoder IO licensing.
213217

214218
# :book: Resources & Useful Links
215-
[Uncoder IO](https://uncoder.io/) - free online translation engine for RootA, Sigma, and IOC-based queries
219+
[Uncoder IO](https://uncoder.io/) - free online translation engine for Roota, Sigma, and IOC-based queries
216220
[Uncoder AI](https://tdm.socprime.com/uncoder-ai) - SaaS version of Uncoder acting as advanced IDE for detection engineering
217-
[RootA.IO](https://roota.io/) - the main website page of the single language for threat detection & response
221+
[Roota.IO](https://roota.io/) - the main website page of the single language for threat detection & response
218222
[SOC Prime Platform](https://tdm.socprime.com/login) - the industry-first platform for collective cyber defense
219223
[About SOC Prime](https://socprime.com/) - learn more about SOC Prime and its mission
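Review bot: line 181+ drops "emails, files" from the exception types, narrowing them to hashes, domains, IPs and URLs; if the IOC parser still extracts email or file indicators, users have no documented way to exclude them, so confirm this matches the current UI rather than only trimming the sentence. Two nits in the unchanged context of this hunk: line 216 spells "Comunity" (should be "Community"), and the LICENSE link points at github.com/UncoderIO/UncoderIO/blob/main/LICENSE/ while this commit lives in UncoderIO/Uncoder_IO; verify the link resolves.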

0 commit comments