Researchers from the National University of Singapore and Fudan University have developed ARuleCon, an agentic AI framework that translates security detection rules across multiple SIEM platforms including Splunk, Microsoft Sentinel, IBM QRadar, Google Chronicle, and RSA NetWitness. The system uses an agentic RAG pipeline that retrieves official vendor documentation to handle schema mismatches, combined with Python-based consistency checks in controlled test environments to catch semantic drift. Unlike generic LLMs, which perform poorly due to insufficient SIEM-specific training data, ARuleCon achieves higher accuracy in cross-platform rule conversion. The goal is to reduce SOC workload, simplify multi-SIEM environments, and facilitate SIEM consolidation or migration projects.
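The consistency-check idea in the summary (run the source rule and its translation over the same controlled test events and compare what they match) can be illustrated with a small Python sketch. This is an added example and not ARuleCon's code or the paper's method: the field-name schema map, the two toy dialect evaluators, and the four test events are constructed assumptions. It shows one concrete kind of semantic drift, a Splunk `field=value` match (case-insensitive) translated to KQL `==` (case-sensitive), being caught by the check and fixed with `=~`.

```python
"""Toy cross-SIEM rule translation with a consistency check over test events.
Added illustration only (not ARuleCon's code). The schema map, the two dialect
evaluators and the events are constructed assumptions."""
import re

# Constructed test events in a vendor-neutral shape, standing in for the
# controlled test environment the summary mentions.
EVENTS = [
    {"id": 1, "user": "admin", "action": "login"},
    {"id": 2, "user": "Admin", "action": "login"},
    {"id": 3, "user": "alice", "action": "login"},
    {"id": 4, "user": "ADMIN", "action": "logout"},
]

# Schema mismatch: the same attribute has a different field name per platform
# (assumed names, not taken from vendor documentation).
SCHEMA = {
    "splunk": {"user": "user", "action": "action"},
    "sentinel": {"user": "AccountName", "action": "Activity"},
}

def to_splunk(conds):
    """Render neutral (field, value) pairs as an SPL-style search."""
    return " ".join(f'{SCHEMA["splunk"][f]}="{v}"' for f, v in conds)

def to_kql(conds, case_insensitive):
    """Render the same pairs as a KQL where-clause. A faithful translation of
    Splunk's case-insensitive match needs =~; a naive one emits ==."""
    op = "=~" if case_insensitive else "=="
    return "where " + " and ".join(
        f'{SCHEMA["sentinel"][f]} {op} "{v}"' for f, v in conds)

SPL_TERM = re.compile(r'(\w+)="([^"]*)"')
KQL_TERM = re.compile(r'(\w+) (==|=~) "([^"]*)"')

def run_splunk(query, event):
    """Toy SPL semantics: field=value compares case-insensitively."""
    return all(str(event.get(f, "")).lower() == v.lower()
               for f, v in SPL_TERM.findall(query))

def run_kql(query, event):
    """Toy KQL semantics: == is case-sensitive, =~ is case-insensitive."""
    for f, op, v in KQL_TERM.findall(query):
        actual = str(event.get(f, ""))
        if not (actual.lower() == v.lower() if op == "=~" else actual == v):
            return False
    return True

def project(event, platform):
    """Re-key a neutral event into the platform's own field names."""
    out = {"id": event["id"]}
    for neutral, native in SCHEMA[platform].items():
        out[native] = event[neutral]
    return out

def matches(platform, query):
    """Set of event ids the query matches on that platform's view of the corpus."""
    runner = run_splunk if platform == "splunk" else run_kql
    return {e["id"] for e in EVENTS if runner(query, project(e, platform))}

def consistency_check(src_platform, src_query, dst_platform, dst_query):
    """Run source and translated rule over the same corpus; report drift as
    (consistent, ids only the source matched, ids only the target matched)."""
    a, b = matches(src_platform, src_query), matches(dst_platform, dst_query)
    return a == b, sorted(a - b), sorted(b - a)

RULE = [("user", "admin"), ("action", "login")]
SOURCE_SPL = to_splunk(RULE)                      # user="admin" action="login"
NAIVE_KQL = to_kql(RULE, case_insensitive=False)  # drifts: drops case-insensitivity
FAITHFUL_KQL = to_kql(RULE, case_insensitive=True)

if __name__ == "__main__":
    print(SOURCE_SPL)
    # Naive translation misses event 2 ("Admin"): (False, [2], [])
    print(NAIVE_KQL, consistency_check("splunk", SOURCE_SPL, "sentinel", NAIVE_KQL))
    # Faithful translation matches the same events: (True, [], [])
    print(FAITHFUL_KQL, consistency_check("splunk", SOURCE_SPL, "sentinel", FAITHFUL_KQL))
```

The check is deliberately black-box: it never inspects the translated query text, only the set of events each version matches, which is what lets it flag an operator-level drift that a purely syntactic comparison of the two queries would not see.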