Tag: Splunk

Instant Domain Matching Logic for Splunk via Uncoder AI

How It Works: This feature in Uncoder AI ingests structured IOCs from threat reports; in this case, dozens of malicious domains tied to credential phishing (e.g., fake Google, Microsoft, and Telegram login portals). The tool parses and structures the list and automatically outputs a Splunk-compatible detection query. Domain-Based Filtering with dest_host: The output query […]

AI-Powered SPL Rule Generation for WRECKSTEEL IOC Detection

How It Works: Uncoder AI converts complex threat intelligence, such as the CERT-UA#14283 report on the WRECKSTEEL PowerShell stealer, into Splunk’s Search Processing Language (SPL) for direct deployment in security analytics workflows. It parses IOC-rich reports containing hashes, URLs, domains, and behavioral indicators to generate multi-index SPL queries aligned with Splunk’s native event and network telemetry. On the […]

Translate from Sigma into 48 Languages

How It Works: Uncoder AI makes it easy to translate Sigma rules into the detection formats used by 48 different platforms. Users simply select the desired output language (for example Splunk, Sentinel, or CrowdStrike Falcon), and Uncoder AI instantly generates a syntactically valid detection in the chosen format. The translation happens entirely within SOC Prime’s infrastructure, ensuring privacy and […]

Let AI Catch the Bugs: Uncoder AI Validates Detection Rule Syntax and Logic

How It Works: In fast-paced detection engineering, syntax mistakes and structural oversights happen, especially when working across multiple platforms or under tight response deadlines. Catching and fixing these issues manually is tedious, time-consuming, and often overlooked. With Uncoder AI’s Syntax and Structure Validation, detection authors can now validate their rules, both syntactically and […]

From IOCs to Queries: How Uncoder AI Automates Threat Intelligence Action

How It Works: Threat reports often contain valuable Indicators of Compromise (IOCs), such as hashes, IP addresses, and domain names, that security teams need to operationalize quickly. But manually copying and converting them into queries for platforms like Microsoft Sentinel is slow, error-prone, and distracting from real response. Uncoder AI eliminates this bottleneck by automatically extracting […]
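The three entries above (domain matching with dest_host, multi-index SPL for a hash-and-domain report, and IOC extraction in general) all describe the same end product: one search that sweeps several indexes for a report's indicators. The query below is an added illustration of that shape and is not output from Uncoder AI or code from any SOC Prime post. Every indicator in it is constructed: domains under the reserved .example TLD, addresses from the 203.0.113.0/24 and 198.51.100.0/24 documentation ranges, and two obviously fake SHA256 values. The index names (proxy, firewall, sysmon) and field names (dest_host, dest_ip, src_ip, Hashes, EventCode) are assumptions about a typical deployment and must be mapped to your own sourcetypes.

```spl
( index=proxy dest_host IN ("login-google-secure.example", "*.login-google-secure.example", "microsoft-verify.example", "telegram-auth.example") )
OR ( index=firewall dest_ip IN ("203.0.113.10", "198.51.100.25") )
OR ( index=sysmon EventCode=1 ( Hashes="*SHA256=0000000000000000000000000000000000000000000000000000000000000001*" OR Hashes="*SHA256=0000000000000000000000000000000000000000000000000000000000000002*" ) )
| eval ioc_type=case(index=="proxy", "domain", index=="firewall", "ip", index=="sysmon", "sha256")
| rex field=Hashes "SHA256=(?<sha256>[0-9A-Fa-f]{64})"
| eval ioc_value=coalesce(dest_host, dest_ip, sha256)
| stats count, min(_time) AS first_seen, max(_time) AS last_seen, values(host) AS hosts, values(src_ip) AS src_ips BY ioc_type, ioc_value
| convert ctime(first_seen) ctime(last_seen)
| sort -count
```

Two checks worth making before deploying a generated query of this kind. First, IN() is a list of exact matches (with optional wildcards), so a report that lists bad.example will not catch www.bad.example unless a wildcard form is added, as done for the first domain above. Second, a report with hundreds of indicators makes the search string unwieldy and slow to edit; past a few dozen values, put the IOCs in a CSV lookup and drive the same logic with inputlookup/lookup instead of an inline list.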

Custom AI Prompting in Uncoder AI Enables On-Demand Detection Generation

How It Works: Writing detection rules often starts with a question: what am I trying to find, and under what conditions? But even the best threat intel reports don’t come prepackaged in platform-ready syntax. Uncoder AI’s Custom Prompt Generation bridges that gap. This feature allows users to input natural language descriptions of the behavior they […]

Making Splunk Detection Work Faster with Uncoder AI’s Full Summary

Modern SOC teams working with Splunk detections need to process large volumes of detection logic written in SPL. The challenge is that much of it is complex, verbose, and time-consuming to understand, especially when the content comes from external sources or from Sigma rules converted to Splunk format. Uncoder AI’s Full AI-generated Summary tackles this exact pain point by […]

Search and Replace Text in SPL Fields with rex

Sometimes when working with fields in SPL, it can be useful to search for and replace parts of the text found in a field. Some reasons for doing this might be:
– removing white space to reduce the size of the field
– replacing field separators with characters that look nicer
– rearranging values in a field in an […]
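An added, self-contained example (not from the original post) that applies all three kinds of change from the list above with rex in sed mode. It runs on a single constructed event produced by makeresults; the raw field and its contents are made up for the demonstration.

```spl
| makeresults
| eval raw="user = alice ; host = web01 ; path = /var/log//app.log ; when = 2024-05-17 13:02:11"
| rex field=raw mode=sed "s/\s*;\s*/ | /g"
| rex field=raw mode=sed "s/\s*=\s*/=/g"
| rex field=raw mode=sed "s/\/+/\//g"
| rex field=raw mode=sed "s/(\d{4})-(\d{2})-(\d{2})/\3.\2.\1/"
| table raw
```

Line by line: the first rex replaces every semicolon separator, together with the whitespace around it, with " | "; the second strips the whitespace around each "="; the third collapses repeated slashes in the path to one; the fourth uses capture groups and backreferences to reorder the ISO date into day.month.year. The trailing g flag replaces every match rather than only the first, and a literal "/" inside the expression must be escaped as "\/" because "/" is the sed delimiter. Replacing into field=_raw rewrites the event text only for the rest of the search pipeline; nothing is changed on disk.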

rare Command in Splunk

The rare command in Splunk helps you find the least common values in a specific field of your data. This is useful for spotting unusual or infrequent events. By default, the rare command in Splunk returns the 10 least common values for a specified field. Find Rare User Agents: To identify the least common user agents in your web […]
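An added example (not from the original post) that goes a step beyond the excerpt's user-agent case. Raw user-agent strings are high-cardinality because of version numbers, so a plain rare over them mostly returns version churn; the search below first collapses every run of digits into "N" so that all builds of one browser count as one family, then asks for the rarest families per web server rather than globally. The index web, sourcetype access_combined and field http_user_agent are assumptions about the deployment.

```spl
index=web sourcetype=access_combined earliest=-24h
| eval ua_family=replace(http_user_agent, "\d+(\.\d+)*", "N")
| rare limit=5 showperc=false countfield=hits ua_family BY host
| where hits <= 3
| sort host, hits
```

rare is computed over whatever the preceding search returns, so the time window and any filters decide what "rare" means; the same client that is rare over 24 hours may be common over 30 days. The BY host clause produces a per-server baseline, which is usually what you want when one server serves a different population (an API host versus a public site) than the others. countfield and showperc only rename and trim the output columns.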

coalesce Function in Splunk

The Splunk coalesce function returns the first non-null value among its arguments. It’s useful for normalizing data from different sources with varying field names. For example, to unify multiple source IP fields into a single src_ip field:
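An added, self-contained example (not from the original post) of the normalization described above. It builds four constructed rows with makeresults, each carrying the source address in a different field (src_ip, src or client_ip), and unifies them. It also shows a caveat the description does not cover: coalesce skips only null values, so a field that is present but empty is returned in preference to a later populated field, and nullif() is needed to treat an empty string as missing.

```spl
| makeresults count=4
| streamstats count AS n
| eval src_ip=case(n==1, "10.0.0.5", n==3, "")
| eval src=case(n==2, "10.0.0.6", n==3, "10.0.0.8")
| eval client_ip=case(n==4, "10.0.0.7")
| eval src_ip_naive=coalesce(src_ip, src, client_ip)
| eval src_ip_norm=coalesce(nullif(src_ip, ""), src, client_ip)
| table n, src_ip, src, client_ip, src_ip_naive, src_ip_norm
```

Rows 1, 2 and 4 resolve the same way in both columns. Row 3 is the edge case: src_ip exists but is empty, so src_ip_naive is empty while src_ip_norm falls through to src. In a real search against several sourcetypes you would write the result straight back into the field the rest of the pipeline expects, for example `| eval src_ip=coalesce(nullif(src_ip, ""), src, client_ip)`, and list the candidate fields in order of preference, since the first non-null one wins.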
