Tag: Splunk

Translate from Sigma into 48 Languages

How It Works Uncoder AI makes it easy to translate Sigma rules into detection formats used by 48 different platforms. Users simply select the desired output language—like Splunk, Sentinel, or CrowdStrike Falcon—and Uncoder AI instantly generates a syntactically valid detection in the chosen format. The translation happens entirely within SOC Prime’s infrastructure, ensuring privacy and […]

Let AI Catch the Bugs: Uncoder AI Validates Detection Rule Syntax and Logic

How It Works In fast-paced detection engineering, syntax mistakes and structural oversights happen — especially when working across multiple platforms or under tight response deadlines. Catching and fixing these issues manually is tedious, time-consuming, and often overlooked. With Uncoder AI’s Syntax and Structure Validation, detection authors can now validate their rules — both syntactically and […]

From IOCs to Queries: How Uncoder AI Automates Threat Intelligence Action

How It Works Threat reports often contain valuable Indicators of Compromise (IOCs) — hashes, IP addresses, domain names — that security teams need to operationalize quickly. But manually copying and converting them into queries for platforms like Microsoft Sentinel is slow, error-prone, and distracting from real response. Uncoder AI eliminates this bottleneck by automatically extracting […]

Custom AI Prompting in Uncoder AI Enables On-Demand Detection Generation

How It Works Writing detection rules often starts with a question: What am I trying to find, and under what conditions? But even the best threat intel reports don’t come prepackaged in platform-ready syntax. Uncoder AI’s Custom Prompt Generation bridges that gap. This feature allows users to input natural language descriptions of the behavior they […]

Making Splunk Detection Work Faster with Uncoder AI’s Full Summary

Modern SOC teams dealing with Splunk Detections need to process large volumes of detection logic written in SPL. The challenge? Much of it is complex, verbose, and time-consuming to understand—when working with Splunk content from external sources or Sigma-based rules converted to Splunk format. Uncoder AI’s Full AI-generated Summary tackles this exact pain point by […]

Search and Replace Text in SPL Fields with rex

Sometimes when working with fields in SPL, it can be useful to search for and replace parts of text found in the field. Some reasons for doing this might be:
– removing white space to reduce the size of the field
– replacing field separators with characters that look nicer
– rearranging values in a field in an […]

rare Command in Splunk

The rare command in Splunk helps you find the least common values in a specific field of your data. This is useful for spotting unusual or infrequent events. By default, the rare command in Splunk returns the 10 least common values for a specified field. Find Rare User Agents To identify the least common user agents in your web […]

coalesce Function in Splunk

The Splunk coalesce function returns the first non-null value among its arguments. It’s useful for normalizing data from different sources with varying field names. For example, to unify multiple source IP fields into a single src_ip field:

Using map Command in Splunk

The map command in Splunk is a powerful tool that enables executing secondary searches based on the results of a primary search. This capability allows for dynamic, nested investigations, making it particularly useful in cybersecurity for uncovering indicators of compromise (IOCs) or analyzing specific user activity patterns. Example of using – we can make the […]

Splunk: Using collect Command for Creating New Events in a New Index

In some scenarios, you may need to save the results of a search into another index—for example, to reuse the data for correlation or trend analysis. The collect command in Splunk allows you to write search results into a summary index for long-term storage or faster analysis. Example: Aggregate Failed Login Attempts Suppose you want […]
