Abstract: Security Operations Centers (SOCs) depend on SIEM detection rules to identify malicious activity, but detection logic is tightly bound to platform-specific query languages such as SPL ...