
Bots in translation: Can AI really fix SIEM rule sprawl across vendors?
Enterprises migrating between SIEM platforms often have to manually rewrite detection rules because vendors such as Splunk, Microsoft Sentinel, IBM QRadar, and Google Chronicle use different query languages and data models.
Researchers now say AI may be able to automate much of that work, though security experts remain divided over whether the problem really requires AI at all.
Researchers from the National University of Singapore and collaborators say their system, called ARuleCon, can translate SIEM rules across platforms while preserving detection logic. In tests involving nearly 1,500 rule conversions, the framework improved translation accuracy by roughly 10% to 15% over baseline large ...
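As an added illustration of the mismatch the researchers are targeting (this is example code written for this page, not the article's own material and not part of ARuleCon): one platform-neutral rule rendered as Splunk SPL and as Microsoft Sentinel KQL through per-platform field and value maps. The neutral field names, the maps, and the Sentinel table name are assumptions made for the example, not vendor-published data models. The point it makes is the one a manual rewrite gets wrong most often: a field with no mapping on the target must fail loudly rather than produce a syntactically valid query that quietly matches nothing.

```python
"""Toy translator for one platform-neutral detection rule into Splunk SPL and
Microsoft Sentinel KQL. Constructed example: the field/value maps and the
Sentinel table name are assumptions for illustration, not vendor data models."""

# Platform-neutral rule. Conditions are (field, operator, value), all ANDed.
# Neutral field names are hypothetical names chosen for this example.
RULE = {
    "name": "Many failed logons from one source",
    "conditions": [
        ("event_type", "eq", "authentication_failure"),
        ("user", "ne", "svc-backup"),
    ],
    "group_by": "src_ip",
    "threshold": 10,
}

# Same rule plus a field that only the Splunk map below knows (constructed),
# to show a translation that succeeds on one target and must refuse on the other.
BAD_RULE = dict(RULE, conditions=RULE["conditions"] + [("process_name", "eq", "psexec.exe")])

# Assumed per-platform field maps. A missing entry is exactly the kind of gap
# that silently breaks detection logic during a manual rewrite.
FIELD_MAPS = {
    "splunk": {"event_type": "action", "user": "user", "src_ip": "src",
               "process_name": "process_name"},
    "sentinel": {"event_type": "EventID", "user": "Account", "src_ip": "IpAddress"},
}
# Assumed value encodings where the data models disagree: the Splunk side keeps
# a string outcome, the Sentinel SecurityEvent table keys on a numeric event ID.
VALUE_MAPS = {
    "splunk": {("event_type", "authentication_failure"): '"failure"'},
    "sentinel": {("event_type", "authentication_failure"): "4625"},
}
OPERATORS = {
    "splunk": {"eq": "=", "ne": "!="},
    "sentinel": {"eq": "==", "ne": "!="},
}


def unmapped_fields(rule, platform):
    """Neutral fields the target platform's map cannot express."""
    used = [f for f, _, _ in rule["conditions"]] + [rule["group_by"]]
    return sorted({f for f in used if f not in FIELD_MAPS[platform]})


def render_value(platform, field, value):
    """Platform literal for a neutral value: mapped encoding, else quoted string."""
    return VALUE_MAPS[platform].get((field, value), f'"{value}"')


def render_clauses(rule, platform, sep):
    """Translate each condition; refuse to emit a query with an unmapped field."""
    missing = unmapped_fields(rule, platform)
    if missing:
        raise KeyError(f"{platform}: no data-model mapping for {missing}")
    fmap, ops = FIELD_MAPS[platform], OPERATORS[platform]
    return [f"{fmap[f]}{sep}{ops[op]}{sep}{render_value(platform, f, v)}"
            for f, op, v in rule["conditions"]]


def to_spl(rule):
    """Splunk SPL: search terms, then stats/where for the threshold."""
    terms = " ".join(render_clauses(rule, "splunk", ""))
    group = FIELD_MAPS["splunk"][rule["group_by"]]
    return f"search {terms} | stats count by {group} | where count >= {rule['threshold']}"


def to_kql(rule):
    """Sentinel KQL: tabular pipeline; summarize count() yields a column named count_."""
    where = " and ".join(render_clauses(rule, "sentinel", " "))
    group = FIELD_MAPS["sentinel"][rule["group_by"]]
    return (f"SecurityEvent | where {where} | summarize count() by {group} "
            f"| where count_ >= {rule['threshold']}")


if __name__ == "__main__":
    print(to_spl(RULE))
    print(to_kql(RULE))
    print("Sentinel cannot express:", unmapped_fields(BAD_RULE, "sentinel"))
```

The interesting part is not the string assembly but the two tables: the same neutral condition becomes `action="failure"` on one side and `EventID == 4625` on the other, and `BAD_RULE` translates cleanly to SPL while the KQL path raises because the Sentinel map has no entry for `process_name`. Any translator, hand-written or model-driven, needs that refusal path; a converted rule that parses and returns zero hits looks identical to a correct rule with no matching events.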