
Date: Aug 12, 2025
Version: 1.0.0
Compatibility: ThreatQ versions >= v6.11.2
ThreatQ Signature Operation
Overview
The ThreatQ Signature Operation integration converts Sigma rules (stored in ThreatQ as Custom type signatures) into KQL (Kusto Query Language) signatures and exports them to Microsoft Azure Sentinel for operational use. Keeping the conversion inside ThreatQ simplifies detection rule management, improves interoperability between the intelligence platform and the SIEM, and lets security teams move from intelligence to detection within their existing workflows.
The integration performs the following actions:
- Convert – transforms a Sigma rule into a KQL (Kusto Query Language) query and creates a new signature linked to the original object.
- Export to Sentinel – deploys the generated KQL rule to Microsoft Azure Sentinel and saves it in the specified workspace for use under the Log Queries tab.
The integration is compatible with ThreatQ Custom type signatures.
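To make the Convert step concrete, the following Python is an added example of what a Sigma-to-KQL translation involves; it is not the ThreatQ integration's own converter and does not show how ThreatQ implements it. The Sigma rule is constructed inline as a Python dict (the same shape as its YAML) so the block runs offline without PyYAML, and the table mapping (`process_creation` to `SecurityEvent`) and field mapping (`Image` to `NewProcessName`, `User` to `SubjectUserName`) are assumptions for a Sentinel-style Windows table, not something the page specifies.

```python
"""Minimal Sigma-to-KQL translation in the spirit of the Convert step.

Added example: this is NOT the ThreatQ integration's own converter. The
Sigma rule is constructed inline as a Python dict (the same shape as its
YAML) so the block runs offline without PyYAML; the table and field maps
below are assumptions for a Sentinel-style Windows SecurityEvent table.
"""
import re
from typing import Any

# Constructed sample rule (dict form of Sigma YAML), not taken from the page.
SAMPLE_RULE = {
    "title": "Suspicious PowerShell Download Cradle",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "Image|endswith": "\\powershell.exe",
            "CommandLine|contains": ["DownloadString", "IEX"],
        },
        "filter": {"User": "SYSTEM"},
        "condition": "selection and not filter",
    },
}

# Assumed mappings: Sigma logsource -> Sentinel table, Sigma field -> KQL column.
TABLE_MAP = {("windows", "process_creation"): "SecurityEvent"}
FIELD_MAP = {"Image": "NewProcessName", "CommandLine": "CommandLine", "User": "SubjectUserName"}

# Sigma string modifiers and the (case-insensitive) KQL operators they map to.
STRING_OPS = {"contains": "contains", "startswith": "startswith", "endswith": "endswith"}
KEYWORDS = {"and", "or", "not", "(", ")"}


def kql_literal(value: Any) -> str:
    """Render a value as a KQL verbatim literal @"..." (backslashes need no escaping)."""
    return '@"' + str(value).replace('"', '""') + '"'


def field_clause(key: str, value: Any) -> str:
    """Translate one 'Field|modifier: value(s)' entry into a KQL predicate."""
    name, *mods = key.split("|")
    column = FIELD_MAP.get(name, name)
    values = value if isinstance(value, list) else [value]
    join_word = " and " if "all" in mods else " or "  # '|all' ANDs the list values
    mods = [m for m in mods if m != "all"]
    if not mods:  # plain equality: Sigma matches case-insensitively, hence =~ / in~
        if len(values) == 1:
            return f"{column} =~ {kql_literal(values[0])}"
        return f"{column} in~ ({', '.join(kql_literal(v) for v in values)})"
    if len(mods) != 1 or mods[0] not in STRING_OPS:
        raise ValueError(f"unsupported Sigma modifier(s) {mods!r} on field {name!r}")
    parts = [f"{column} {STRING_OPS[mods[0]]} {kql_literal(v)}" for v in values]
    return parts[0] if len(parts) == 1 else "(" + join_word.join(parts) + ")"


def selection_clause(selection: Any) -> str:
    """A Sigma map ANDs its fields; a list of maps ORs the maps."""
    if isinstance(selection, list):
        return "(" + " or ".join(selection_clause(s) for s in selection) + ")"
    if not isinstance(selection, dict):
        raise ValueError("keyword-list selections are not supported")
    return "(" + " and ".join(field_clause(k, v) for k, v in selection.items()) + ")"


def sigma_to_kql(rule: dict) -> str:
    """Build 'Table | where <condition>' from a Sigma rule dict.

    Supports conditions made of selection names, and/or/not and parentheses.
    Anything else (e.g. '1 of them') raises, so a rule is never silently
    turned into a query that matches more or less than its author intended.
    """
    det = rule["detection"]
    src = rule["logsource"]
    try:
        table = TABLE_MAP[(src.get("product"), src.get("category"))]
    except KeyError:
        raise ValueError(f"no table mapping for logsource {src!r}") from None
    out = []
    for tok in re.findall(r"[()]|[^\s()]+", det["condition"]):
        if tok in KEYWORDS:
            out.append(tok)
        elif tok in det and tok != "condition":
            out.append(selection_clause(det[tok]))
        else:
            raise ValueError(f"unsupported condition token {tok!r}")
    # KQL's not() is a function, so drop the space before its parenthesis.
    return f"{table}\n| where " + " ".join(out).replace("not (", "not(")


if __name__ == "__main__":
    print(sigma_to_kql(SAMPLE_RULE))
```

Two points in this example matter for any converter, including a reviewed output of the integration: Sigma matching is case-insensitive, so plain `==` in KQL would be a semantic narrowing (the example emits `=~`, `in~`, `contains`, `endswith`, which are case-insensitive in KQL), and an unsupported condition construct should fail the conversion rather than produce a query that looks right but detects something different. A practitioner should still validate the generated KQL against known-good and known-bad events in Sentinel before relying on it.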