Tag: Microsoft Sentinel

Zip Archive & C2 Domain Detection in Microsoft Sentinel via Uncoder AI

How It Works

This Uncoder AI feature generates a broad-spectrum KQL detection query for Microsoft Sentinel, based on indicators from CERT-UA#14045 (DarkCrystal RAT). The AI processes a threat report and outputs a query to search logs for strings such as:
“Розпорядження.zip” – a suspicious Ukrainian-language file name (“Directive.zip”) used to disguise malware
“imgurl.ir” – a known […]

IOC Query Generation for Microsoft Sentinel in Uncoder AI

How It Works

1. IOC Parsing from Threat Report

Uncoder AI automatically identifies and extracts key observables from the threat report, including malicious domains like:
docs.google.com.spreadsheets.d.l1p6eeakedbmwteh36vana6hu-glaekssht-boujdk.zhblz.com
mail.zhblz.com
doc.gmail.com.gyehdhhrggdi1323sdnhnsiwvh2uhdqjwdhhfjcjeuejcj.zhblz.com
These IOCs are used by the adversary for phishing and staging access to victim mailboxes. Note that the first and third hostnames are look-alikes: “docs.google.com” and “doc.gmail.com” appear only as leading subdomain labels, while the registrable domain the victim actually connects to is zhblz.com.

2. Sentinel-Compatible KQL Generation

On the right, Uncoder AI […]

Detecting Covert TOR Access in Microsoft Sentinel with Uncoder AI’s Decision Tree

When malware like the Kalambur backdoor leverages native tools like curl.exe to route traffic through TOR, defenders need visibility at the process and command-line level. But in tools like Microsoft Sentinel, queries for such activity—written in Kusto Query Language (KQL)—can quickly grow difficult to interpret. That’s where Uncoder AI’s AI-generated Decision Tree delivers immediate value. […]
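The process and command-line check the post describes, written out as an added example that is not part of the original post and not Uncoder AI output: detection logic run over constructed DeviceProcessEvents-style records, plus a function that renders the same logic as Sentinel KQL. Assumptions not stated on the page: TOR's default SocksPort is 9050 and Tor Browser's is 9150; the curl proxy options used (--socks5, --socks5-hostname, -x/--proxy with a socks5h:// URL) are curl's documented flags; the column names (TimeGenerated, FileName, ProcessCommandLine, InitiatingProcessFileName) follow the DeviceProcessEvents schema as exposed in Sentinel; the sample events and the .onion name are made up.

```python
"""Added example: flag curl.exe invocations that route through a local TOR SOCKS
proxy or target a .onion host, and emit the equivalent Microsoft Sentinel KQL.
Not from the original post; see the lead-in for the assumptions it makes.
"""
import re
from typing import Dict, List

# Patterns are written to be valid in both Python's re and Kusto's RE2 dialect:
# only (?:...) groups, \b and character classes, no lookarounds.
TOR_CMDLINE_PATTERNS = [
    # --socks5 / --socks5-hostname pointed at a local TOR SOCKS port (assumed 9050/9150)
    r"--socks5(?:-hostname)?[ =]+(?:127\.0\.0\.1|localhost):(?:9050|9150)\b",
    # -x / --proxy with a socks5 or socks5h URL to the same ports
    r"(?:-x|--proxy)[ =]+socks5h?://(?:127\.0\.0\.1|localhost):(?:9050|9150)\b",
    # a v2 (16 chars) or v3 (56 chars) base32 onion name anywhere on the command line
    r"\b[a-z2-7]{16,56}\.onion\b",
]
_COMPILED = [re.compile(p, re.I) for p in TOR_CMDLINE_PATTERNS]


def is_tor_curl(file_name: str, command_line: str) -> bool:
    """True when the process is curl.exe and its command line shows TOR routing."""
    if file_name.lower() != "curl.exe":
        return False
    return any(p.search(command_line) for p in _COMPILED)


def find_tor_curl(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Apply is_tor_curl to a list of process-creation records."""
    return [e for e in events if is_tor_curl(e["FileName"], e["ProcessCommandLine"])]


def to_kql() -> str:
    """Render the same logic as a Sentinel query; (?i) makes RE2 case-insensitive."""
    clauses = "\n    or ".join(
        f'ProcessCommandLine matches regex @"(?i){p}"' for p in TOR_CMDLINE_PATTERNS)
    return ("DeviceProcessEvents\n"
            '| where FileName =~ "curl.exe"\n'
            f"| where {clauses}\n"
            "| project TimeGenerated, DeviceName, AccountName, "
            "InitiatingProcessFileName, ProcessCommandLine")


# Constructed sample events (not real telemetry); the .onion name is made up.
SAMPLE_EVENTS = [
    {"DeviceName": "WS01", "FileName": "curl.exe",
     "ProcessCommandLine": "curl.exe --socks5-hostname 127.0.0.1:9050 "
                           "http://abcdefghijklmnopqrstuvwxyz234567abcdefghijklmnopqrstuvwx.onion/ -o c.bin"},
    {"DeviceName": "WS01", "FileName": "curl.exe",
     "ProcessCommandLine": "curl.exe -x socks5h://localhost:9150 https://check.torproject.org/"},
    {"DeviceName": "WS02", "FileName": "curl.exe",
     "ProcessCommandLine": "curl.exe -sL https://example.com/update.json"},
    # Not flagged: FileName is the parent shell. The child curl.exe gets its own
    # process event, which is where this check catches it.
    {"DeviceName": "WS03", "FileName": "powershell.exe",
     "ProcessCommandLine": 'powershell.exe -c "curl.exe --socks5 127.0.0.1:9050 http://x.onion"'},
]

if __name__ == "__main__":
    for hit in find_tor_curl(SAMPLE_EVENTS):
        print(hit["DeviceName"], hit["ProcessCommandLine"])
    print(to_kql())
```

Keeping the regexes RE2-compatible means the Python check and the KQL query share one source of truth, so a tuning change made while testing against sample events carries straight into the Sentinel rule.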

AI-Powered Query Optimization in Uncoder AI

How It Works

Long and complex detection queries — especially those involving multiple joins, enrichments, and field lookups — often become performance bottlenecks. This is particularly true for queries in Microsoft Sentinel, where misaligned joins or poor field usage can significantly delay results. To address this, SOC Prime’s Uncoder AI introduces AI-driven Query Optimization. The […]

Rule Deployment into a Data Plane

How It Works

Uncoder AI supports native integration with Microsoft Sentinel, Google SecOps, and Elastic Stack, enabling users to deploy detection rules directly from the platform. Once a rule is authored or translated within Uncoder AI, the user can instantly push it into their SIEM’s data plane without exporting files or manual upload. In the […]

Translate from Sigma into 48 Languages

How It Works

Uncoder AI makes it easy to translate Sigma rules into detection formats used by 48 different platforms. Users simply select the desired output language—like Splunk, Sentinel, or CrowdStrike Falcon—and Uncoder AI instantly generates a syntactically valid detection in the chosen format. The translation happens entirely within SOC Prime’s infrastructure, ensuring privacy and […]
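To make concrete what a Sigma-to-Sentinel translation has to do, here is a minimal Sigma-to-KQL backend as an added example; it is not SOC Prime's translation engine and not code from the original post. It shows the three pieces any such backend needs: a field map from Sigma's process_creation names to DeviceProcessEvents columns, a map from Sigma value modifiers to KQL operators, and assembly of the `condition` into a `where` clause. Assumptions: the rule is supplied as a Python dict (real Sigma rules are YAML and would be loaded with PyYAML, left out to keep this stdlib-only); the field map is illustrative, not an official mapping; only conditions of the form `sel` and `sel and not filt` and the modifiers contains/startswith/endswith are handled; Sigma `*` wildcards are not expanded; the sample rule is constructed.

```python
"""Added example: a minimal Sigma-to-KQL backend targeting Sentinel's
DeviceProcessEvents table. Not SOC Prime's code; see the lead-in for assumptions.
"""
from typing import Any, Dict

TABLE = "DeviceProcessEvents"

# Illustrative map from Sigma process_creation fields to Sentinel columns (assumption).
FIELD_MAP = {
    "Image": "FolderPath",
    "CommandLine": "ProcessCommandLine",
    "ParentImage": "InitiatingProcessFolderPath",
    "User": "AccountName",
}

# Sigma value modifier -> KQL string operator; all four are case-insensitive in KQL.
MODIFIER_OPS = {
    "": "=~",
    "contains": "contains",
    "startswith": "startswith",
    "endswith": "endswith",
}


def _kql_literal(value: Any) -> str:
    """Quote a value as a KQL "..." string, escaping backslash and double quote."""
    text = str(value).replace("\\", "\\\\").replace('"', '\\"')
    return f'"{text}"'


def _field_clause(key: str, value: Any) -> str:
    """Translate one Sigma key such as 'Image|endswith' with a scalar or list value."""
    field, _, modifier = key.partition("|")
    column = FIELD_MAP.get(field, field)
    if modifier not in MODIFIER_OPS:
        raise ValueError(f"unsupported Sigma modifier: {modifier}")
    op = MODIFIER_OPS[modifier]
    values = value if isinstance(value, list) else [value]
    parts = [f"{column} {op} {_kql_literal(v)}" for v in values]
    # Sigma semantics: a list of values is OR; the keys of one selection map are AND.
    return parts[0] if len(parts) == 1 else "(" + " or ".join(parts) + ")"


def _selection_clause(selection: Dict[str, Any]) -> str:
    return " and ".join(_field_clause(k, v) for k, v in selection.items())


def sigma_to_kql(rule: Dict[str, Any]) -> str:
    """Build 'Table | where ...' from the rule's detection section."""
    detection = rule["detection"]
    condition = detection["condition"].strip()
    if " and not " in condition:
        pos, neg = (s.strip() for s in condition.split(" and not ", 1))
        where = (f"({_selection_clause(detection[pos])}) "
                 f"and not ({_selection_clause(detection[neg])})")
    else:
        where = _selection_clause(detection[condition])
    return f"{TABLE}\n| where {where}"


# Constructed Sigma-style rule (not from the page): curl.exe writing an output
# file, unless it was launched by msiexec.exe.
SAMPLE_RULE = {
    "title": "Curl Writing Output File (constructed example)",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {
            "Image|endswith": "\\curl.exe",
            "CommandLine|contains": ["-o ", "--output"],
        },
        "filter": {"ParentImage|endswith": "\\msiexec.exe"},
        "condition": "selection and not filter",
    },
}

if __name__ == "__main__":
    print(sigma_to_kql(SAMPLE_RULE))
```

The field map is where most real-world translation effort goes: the same Sigma rule has to land on different column names per backend, and a translation is only "syntactically valid" in a useful sense when those columns exist in the target table.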

From IOCs to Queries: How Uncoder AI Automates Threat Intelligence Action

How It Works

Threat reports often contain valuable Indicators of Compromise (IOCs) — hashes, IP addresses, domain names — that security teams need to operationalize quickly. But manually copying and converting them into queries for platforms like Microsoft Sentinel is slow, error-prone, and distracting from real response. Uncoder AI eliminates this bottleneck by automatically extracting […]
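The IOC-to-query step that this post and the two IOC posts above (the DarkCrystal RAT zip/domain query and the zhblz.com phishing domains) describe, as an added example in stdlib Python; it is not Uncoder AI's implementation and not code from any of the posts. It pulls domains, IPv4 addresses, SHA-256 hashes and quoted archive/document file names out of report text, refanging `[.]`/`hxxp` first, then renders one Sentinel hunting query over all of them. Assumptions not stated on the page: the report text is constructed (it reuses the indicator strings quoted on this page, plus an RFC 5737 test address and a made-up hash); the target tables and columns (DeviceNetworkEvents.RemoteUrl/RemoteIP, DnsEvents.Name/Computer, DeviceFileEvents.SHA256/FileName) are chosen here from the Sentinel schema, as is the 30-day lookback.

```python
"""Added example: extract IOCs from threat-report text and build one Microsoft
Sentinel KQL hunting query over them. Not Uncoder AI's code; see the lead-in.
"""
import re
from typing import Dict, List

DOMAIN_RE = re.compile(r"\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}\b", re.I)
IPV4_RE = re.compile(r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b")
SHA256_RE = re.compile(r"\b[a-f0-9]{64}\b", re.I)
# A quoted file name with an archive/document/executable extension, e.g. “Розпорядження.zip”.
FILENAME_RE = re.compile(r"[“\"']([^“”\"'\n]+\.(?:zip|rar|7z|docx?|xlsx?|pdf|exe|lnk))[”\"']", re.I)
# Bare "x.exe" or "report.docx" in prose would otherwise pass the domain regex.
FILE_EXT_NOT_TLD = {"exe", "dll", "zip", "rar", "doc", "docx", "xls", "xlsx", "pdf", "lnk", "bin", "ps1"}


def refang(text: str) -> str:
    """Undo the defanging reports use so indicators match the regexes."""
    return (text.replace("[.]", ".").replace("(.)", ".")
                .replace("hxxps://", "https://").replace("hxxp://", "http://"))


def extract_iocs(report: str) -> Dict[str, List[str]]:
    """Return de-duplicated, sorted indicators by type."""
    text = refang(report)
    domains = {d.lower() for d in DOMAIN_RE.findall(text)
               if d.rsplit(".", 1)[-1].lower() not in FILE_EXT_NOT_TLD}
    return {
        "domains": sorted(domains),
        "ips": sorted(set(IPV4_RE.findall(text))),
        "sha256": sorted({h.lower() for h in SHA256_RE.findall(text)}),
        "filenames": sorted(set(FILENAME_RE.findall(text))),
    }


def _kql_list(values: List[str]) -> str:
    """Render a KQL dynamic([...]) literal."""
    return "dynamic([" + ", ".join('"' + v.replace('"', '\\"') + '"' for v in values) + "])"


def build_kql(iocs: Dict[str, List[str]], lookback: str = "30d") -> str:
    """One union over the tables where each indicator type can surface. The time
    filter sits inside every branch so each table is trimmed before the union."""
    lets, branches = [], []

    def branch(table: str, where: str, device: str, indicator: str) -> None:
        device_col = device if device == "DeviceName" else f"DeviceName = {device}"
        branches.append(
            f"({table}\n| where TimeGenerated > ago({lookback})\n| where {where}\n"
            f'| project TimeGenerated, {device_col}, Indicator = {indicator}, Source = "{table}")')

    if iocs["domains"]:
        lets.append(f"let domains = {_kql_list(iocs['domains'])};")
        branch("DeviceNetworkEvents", "RemoteUrl has_any (domains)", "DeviceName", "RemoteUrl")
        branch("DnsEvents", "Name has_any (domains)", "Computer", "Name")
    if iocs["ips"]:
        lets.append(f"let ips = {_kql_list(iocs['ips'])};")
        branch("DeviceNetworkEvents", "RemoteIP in (ips)", "DeviceName", "RemoteIP")
    if iocs["sha256"]:
        lets.append(f"let hashes = {_kql_list(iocs['sha256'])};")
        branch("DeviceFileEvents", "SHA256 in~ (hashes)", "DeviceName", "SHA256")
    if iocs["filenames"]:
        lets.append(f"let filenames = {_kql_list(iocs['filenames'])};")
        branch("DeviceFileEvents", "FileName in~ (filenames)", "DeviceName", "FileName")
    if not branches:
        return ""
    return "\n".join(lets) + "\nunion\n" + ",\n".join(branches) + "\n| sort by TimeGenerated desc"


# Constructed report text (not a real CERT-UA bulletin). The indicator strings are
# the ones quoted on this page; the IP is an RFC 5737 test address; the hash is made up.
SAMPLE_REPORT = """
Victims received an archive named “Розпорядження.zip” from mail[.]zhblz[.]com.
Credential phishing pages were hosted at
docs.google.com.spreadsheets.d.l1p6eeakedbmwteh36vana6hu-glaekssht-boujdk.zhblz.com
and doc.gmail.com.gyehdhhrggdi1323sdnhnsiwvh2uhdqjwdhhfjcjeuejcj.zhblz.com, and the
payload fetched follow-on code from hxxp://imgurl[.]ir/ and 203.0.113.27.
Dropper SHA-256: 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
"""

if __name__ == "__main__":
    print(build_kql(extract_iocs(SAMPLE_REPORT)))
```

Two details matter in practice: the extraction must refang before matching or the most important indicators are missed, and every branch of the union applies its own time filter and projects the same columns, so the result is one reviewable list rather than a union of mismatched schemas scanned over the whole retention window.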

From Threat Report to Detection Logic: Uncoder AI Automates Rule Generation

How It Works

Turning threat reports into detection logic is often the most time-intensive part of the detection engineering lifecycle. Reports are written for humans, not machines — and transforming narrative threat intelligence into actionable rules can take hours of manual interpretation. Uncoder AI solves this with AI-assisted rule generation from reports. By analyzing threat […]

How Full Summary in Uncoder AI Supercharges Kusto Query Analysis for Threat Hunters

Working with Microsoft Sentinel often means dissecting complex Kusto queries, especially when tracking subtle attacker behavior. These queries can include nested logic, obscure file path checks, and uncommon system events that require deep understanding. That’s exactly where Uncoder AI’s Full Summary feature shines. This AI-powered enhancement automatically translates complex Microsoft Sentinel (Kusto) detection logic into […]
