Tag: Uncoder AI

Uncovering Insider Risks with Full Summary in Uncoder AI: A Microsoft Defender for Endpoint Case

Identifying unauthorized access to sensitive data—especially passwords—remains a critical concern for cybersecurity teams. When such access happens through legitimate tools like Notepad, visibility becomes a challenge. But with Uncoder AI’s Full Summary feature, security analysts can immediately understand the logic behind detection rules targeting exactly that type of threat. In a recent […]

Investigating Suspicious Rsync Shell Activity with Uncoder AI and Carbon Black Query Language

Monitoring remote file transfer utilities like rsync is essential in detecting stealthy lateral movement or data exfiltration across Unix-based environments. But not all rsync usage is equal. In some cases, it can silently launch shell processes under the hood—making threat detection harder for defenders. That’s where Uncoder AI’s Full Summary becomes invaluable. When used alongside […]

Enhancing Cortex XQL Threat Detection with Full Summary in Uncoder AI

As attackers become more creative in bypassing traditional network defenses, analysts need fast, clear insight into the logic behind complex detection rules. That’s where Uncoder AI’s Full Summary feature becomes a game-changer—especially for teams working with Palo Alto Cortex XSIAM Query Language (XQL). In a recent use case, Uncoder AI helped threat hunters break down […]

Visualizing Malicious curl Proxy Activity in CrowdStrike with Uncoder AI

Adversaries frequently repurpose trusted tools like curl.exe to tunnel traffic through SOCKS proxies and even reach .onion domains. Whether it’s for data exfiltration or command-and-control communication, such activity often flies under the radar—unless you’re explicitly detecting it. This is exactly what CrowdStrike Endpoint Security Query Language allows teams to do. But when logic grows […]

Detecting Covert curl Usage with Uncoder AI’s Decision Tree in Carbon Black

When attackers repurpose legitimate binaries like curl.exe to tunnel through SOCKS proxies and access .onion domains, it poses a major visibility gap for defenders. These behaviors can signal C2 activity, data staging, or use of a backdoor like Kalambur. VMware Carbon Black allows you to detect these patterns with detailed command-line monitoring, but parsing the […]

Visualizing clfs.sys Threat Activity in Microsoft Defender with Uncoder AI’s Decision Tree

Loading legitimate system drivers from illegitimate or suspicious directories is a known tactic for persistence, evasion, or execution by adversaries. One high-value target in this category is clfs.sys — a legitimate Windows driver tied to the Common Log File System. To detect this activity, Microsoft Defender for Endpoint supports advanced KQL-based detection logic. But to […]
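As an added illustration (not code from the SOC Prime article, and written in Python rather than Defender's KQL), here is the driver-path check the post describes, run over a handful of constructed image-load events. The allow-listed location (System32\drivers on any drive letter) and the sample paths are assumptions; a reader should validate the expected path against their own baseline before turning it into a rule:

```python
import ntpath
import re

# Constructed driver/image-load events standing in for Defender telemetry.
# These are made-up samples, not data from the article.
SAMPLE_LOADS = [
    {"ImageLoaded": r"C:\Windows\System32\drivers\clfs.sys"},             # expected location
    {"ImageLoaded": r"c:\WINDOWS\system32\DRIVERS\CLFS.SYS"},             # same file, odd casing
    {"ImageLoaded": r"C:/Windows/System32/drivers/clfs.sys"},             # forward slashes
    {"ImageLoaded": r"C:\Users\Public\clfs.sys"},                         # user-writable directory
    {"ImageLoaded": r"C:\Windows\Temp\drivers\clfs.sys"},                 # look-alike "drivers" folder
    {"ImageLoaded": r"C:\Windows\System32\drivers\..\..\Temp\clfs.sys"},  # traversal back out to Temp
    {"ImageLoaded": r"C:\Windows\System32\drivers\ntfs.sys"},             # a different driver entirely
]

# Assumed allow-list: the one location the legitimate CLFS driver is expected to
# load from. The drive letter is left open; validate against your own baseline.
EXPECTED_CLFS_PATH = re.compile(r"^[a-z]:\\windows\\system32\\drivers\\clfs\.sys$")


def normalize_win_path(path):
    """Canonical lower-case Windows path. ntpath.normpath resolves '..' segments and
    turns '/' into '\\', so casing or traversal tricks cannot slip past a string compare."""
    return ntpath.normpath(path).lower()


def is_clfs_from_unexpected_dir(event):
    """True when clfs.sys is loaded from anywhere other than System32\\drivers."""
    p = normalize_win_path(event["ImageLoaded"])
    if ntpath.basename(p) != "clfs.sys":
        return False                      # not the driver this rule is about
    return EXPECTED_CLFS_PATH.match(p) is None


def detect_clfs_from_unexpected_dir(events):
    """Return the raw ImageLoaded value of every suspicious clfs.sys load in a batch."""
    return [e["ImageLoaded"] for e in events if is_clfs_from_unexpected_dir(e)]


if __name__ == "__main__":
    for path in detect_clfs_from_unexpected_dir(SAMPLE_LOADS):
        print("clfs.sys loaded from unexpected directory:", path)
```

The normalization step is the part most query languages make easy to forget: without it, the odd-casing, forward-slash and `..` variants above either produce false positives or slip through, depending on whether the comparison is a plain string match.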

Detecting NimScan Execution with Uncoder AI’s Decision Tree for Cortex XQL

Potentially Unwanted Applications (PUAs) like NimScan are increasingly used by adversaries during the reconnaissance phase to map open ports or identify network assets. Detecting their execution early is key—but doing so with hash-based or path-based rules in Cortex XQL can result in logic that’s functional, but hard to interpret quickly. Uncoder AI’s AI-generated Decision Tree […]

Detecting Covert TOR Access in Microsoft Sentinel with Uncoder AI’s Decision Tree

When malware like the Kalambur backdoor leverages native tools like curl.exe to route traffic through TOR, defenders need visibility at the process and command-line level. But in tools like Microsoft Sentinel, queries for such activity—written in Kusto Query Language (KQL)—can quickly grow difficult to interpret. That’s where Uncoder AI’s AI-generated Decision Tree delivers immediate value. […]
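The three curl posts above (CrowdStrike, Carbon Black and Microsoft Sentinel) all describe the same command-line pattern: curl.exe pointed at a SOCKS proxy and/or a .onion host. As an added illustration that is not code from any of those articles, and in Python rather than the vendors' query languages, here is that logic run over constructed process-creation events. The sample command lines, paths and the placeholder .onion name are made up; the proxy switches checked (`--socks4`, `--socks4a`, `--socks5`, `--socks5-hostname`, and `-x`/`--proxy` with a `socks4`/`socks4a`/`socks5`/`socks5h` scheme) are curl's real options:

```python
import re

# Constructed process-creation events standing in for EDR/SIEM telemetry.
# These are made-up samples, not data from the articles.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\curl.exe",
     "CommandLine": "curl.exe --socks5-hostname 127.0.0.1:9050 "
                    "http://exampleonionplaceholder.onion/gate"},
    {"Image": r"C:\Windows\System32\curl.exe",
     "CommandLine": "curl.exe -x socks5h://127.0.0.1:9150 https://example.com/"},
    {"Image": r"C:\Windows\System32\curl.exe",
     "CommandLine": "curl.exe -sSL https://example.com/update.zip -o update.zip"},
    {"Image": r"C:\Program Files\Git\mingw64\bin\curl.exe",
     "CommandLine": "curl.exe --proxy socks4a://localhost:9050 http://example.com/"},
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c echo --socks5 something.onion"},   # same strings, wrong image
]

# curl's dedicated SOCKS switches: --socks4, --socks4a, --socks5, --socks5-hostname
SOCKS_FLAG = re.compile(r"(?:^|\s)--socks(?:4a?|5(?:-hostname)?)(?=\s|=|$)", re.I)
# ... and a SOCKS proxy URL handed to -x / --proxy (socks4, socks4a, socks5, socks5h).
SOCKS_PROXY_URL = re.compile(r"(?:^|\s)(?:-x|--proxy)[\s=]+socks(?:4a?|5h?)://", re.I)
# A .onion host anywhere in the command line, terminated by path, port, quote or space.
ONION_HOST = re.compile(r"\.onion(?=[/:\s'\"]|$)", re.I)


def basename(path):
    """Case-insensitive file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify_curl_event(event):
    """Reasons a curl.exe process event is suspicious; [] when it is not (or not curl)."""
    if basename(event["Image"]) != "curl.exe":
        return []                          # the image check keeps echo/cmd noise out
    cmd = event["CommandLine"]
    reasons = []
    if SOCKS_FLAG.search(cmd) or SOCKS_PROXY_URL.search(cmd):
        reasons.append("socks_proxy")
    if ONION_HOST.search(cmd):
        reasons.append("onion_host")
    return reasons


def detect_curl_proxy_to_tor(events):
    """Run the rule over a batch; returns (command line, reasons) for each hit."""
    return [(e["CommandLine"], r) for e in events if (r := classify_curl_event(e))]


if __name__ == "__main__":
    for cmd, reasons in detect_curl_proxy_to_tor(SAMPLE_EVENTS):
        print(", ".join(reasons), "->", cmd)
```

One caveat worth carrying into any rule built this way: curl also takes its proxy from the `ALL_PROXY`/`HTTPS_PROXY` environment variables and from a `-K`/`--config` file, neither of which shows up in the process command line. A command-line-only rule therefore catches the explicit form shown in the articles and should be paired with network telemetry for the rest.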

Exposing Event Log Tampering with Uncoder AI’s AI Decision Tree for Splunk Queries

One of the more advanced tactics in attacker playbooks is tampering with event log configurations to erase traces of compromise. Detecting such attempts via Windows Registry modifications is complex—often involving detailed Splunk queries that filter by registry keys and permissions. To quickly make sense of these queries, analysts are turning to Uncoder AI’s AI-generated Decision […]

CrowdStrike Child Process Detection Enhanced by Uncoder AI’s Short Summary

CrushFTP is a popular file transfer application, but in the wrong hands, it can become a stealthy foothold for lateral movement. A process like crushftpservice.exe spawning common Windows binaries such as cmd.exe, powershell.exe, or wscript.exe often signals that something deeper is at play. This is exactly the scenario where detection rules written in […]
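As an added illustration (not code from the SOC Prime article, and in Python rather than CrowdStrike's query language), here is the parent/child relationship described above evaluated over constructed process-creation events. The CrushFTP install path, the sample command lines and the benign Java child are made up, and the list of watched children goes slightly beyond the post: pwsh.exe and cscript.exe are an assumed extension of the cmd.exe / powershell.exe / wscript.exe set it names:

```python
# Constructed process-creation events standing in for EDR telemetry.
# Paths and command lines are made up; the CrushFTP install directory is assumed.
SAMPLE_PROCS = [
    {"ParentImage": r"C:\Program Files\CrushFTP\crushftpservice.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c whoami"},
    {"ParentImage": r"C:\PROGRAM FILES\CRUSHFTP\CRUSHFTPSERVICE.EXE",        # casing differs
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": 'powershell.exe -nop -w hidden -c "Get-Process"'},
    {"ParentImage": r"C:\Program Files\CrushFTP\crushftpservice.exe",
     "Image": r"C:\Windows\System32\wscript.exe",
     "CommandLine": r"wscript.exe C:\Windows\Temp\update.vbs"},
    {"ParentImage": r"C:\Program Files\CrushFTP\crushftpservice.exe",
     "Image": r"C:\Program Files\CrushFTP\jre\bin\java.exe",                # assumed benign child
     "CommandLine": "java.exe -jar CrushFTP.jar"},
    {"ParentImage": r"C:\Windows\explorer.exe",                             # shell, but other parent
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe"},
]

# Children named in the post, plus pwsh.exe and cscript.exe as an assumed extension.
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "pwsh.exe", "cscript.exe"}
WATCHED_PARENT = "crushftpservice.exe"


def basename(path):
    """Case-insensitive file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_crushftp_spawning_shell(event):
    """True when the CrushFTP service process is the direct parent of a shell or script host."""
    return (basename(event["ParentImage"]) == WATCHED_PARENT
            and basename(event["Image"]) in SUSPICIOUS_CHILDREN)


def detect_crushftp_child_processes(events):
    """Return (child image name, command line) for each CrushFTP-spawned shell/script host."""
    return [(basename(e["Image"]), e["CommandLine"])
            for e in events if is_crushftp_spawning_shell(e)]


if __name__ == "__main__":
    for child, cmd in detect_crushftp_child_processes(SAMPLE_PROCS):
        print(f"{WATCHED_PARENT} -> {child}: {cmd}")
```

The rule keys on the direct parent only; a child launched one hop further down (for example a script host started by the cmd.exe above) would need a second query over the parent of the parent, which is exactly the kind of nesting that makes the vendor-language versions of these rules hard to read at a glance.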
