Tag: SentinelOne detection

IOC-to-Query Conversion for SentinelOne in Uncoder AI

How It Works

1. IOC Extraction from Threat Report

Uncoder AI automatically parses and categorizes indicators from the incident report (on the left), including malicious domains, such as:

mail.zhblz.com
docs.google.com.spreadsheets.d.l1p6eeakedbmwteh36vana6hu-glaekssht-boujdk.zhblz.com
doc.gmail.com.gyehdhhrggdi1323sdnhnsiwvh2uhdqjwdhhfjcjeuejcj.zhblz.com

These domains are linked to phishing documents, spoofed login portals, and data exfiltration endpoints.

2. SentinelOne-Compatible Query Generation

On the right, […]

Detecting NimScan Activity in SentinelOne with Uncoder AI

Potentially Unwanted Applications (PUAs) like NimScan.exe can silently operate within enterprise environments, probing internal systems or facilitating lateral movement. Detecting these tools early is critical to prevent network-wide compromise. A SentinelOne detection rule recently analyzed in SOC Prime’s Uncoder AI platform highlights this threat by identifying events where the target process path or IMPhash signature […]
