Tag: Uncoder AI

Linux Syscall Threat Detection in Splunk with Uncoder AI

How It Works The detection logic here is built around monitoring use of the mknod syscall, which is rarely used in legitimate workflows but can be exploited by attackers to: Create fake block or character devices Interact with kernel interfaces Bypass file system controls or establish […]

From Sigma to SentinelOne: Detecting Password Access via Notepad with Uncoder AI

How It Works The Sigma rule shown is designed to detect Notepad opening files with names suggesting password storage, which may indicate unauthorized credential access or suspicious behavior on Windows systems. Left Panel – Sigma Rule: Looks for process creation events where: Parent process is explorer.exe Child process is notepad.exe Command line contains strings like […]

Convert Sigma DNS Rules to Cortex XSIAM with Uncoder AI

How It Works Uncoder AI reads a Sigma rule designed to detect DNS queries to malicious infrastructure used by Katz Stealer malware, and instantly translates it into native Palo Alto Cortex XSIAM syntax. Left Panel – Sigma Detection: Targets DNS queries to specific Katz Stealer […]

Detect Linux Reconnaissance in Microsoft Sentinel with Sigma-to-KQL Conversion

How It Works The showcased feature translates a Linux-based Sigma rule — specifically targeting the sysinfo system call — into Microsoft Sentinel KQL. This system call provides an attacker with system metadata like uptime, memory usage, and load averages — commonly abused during reconnaissance. Left Panel – Sigma Rule: Targets Linux auditd telemetry for syscall […]

Sigma-to-MDE Query Conversion: DNS Detection for Katz Stealer via Uncoder AI

How It Works Uncoder AI reads a Sigma detection rule designed to identify DNS queries to malicious domains linked with the Katz Stealer malware family. It then automatically rewrites the logic into a fully compatible Microsoft Defender for Endpoint (MDE) Advanced Hunting query using the Kusto Query Language (KQL). Left Panel – Sigma Rule: […]

Detect DNS Threats in Google SecOps: Katz Stealer Rule Conversion with Uncoder AI

How It Works This feature enables detection engineers to seamlessly convert Sigma rules into Google SecOps Query Language (UDM). In the screenshot, the original Sigma rule is designed to detect DNS queries to known Katz Stealer domains — a malware family associated with data exfiltration and command-and-control activity. Left Panel – Sigma Rule: The Sigma […]

Cross-Platform Rule Translation: From Sigma to CrowdStrike with Uncoder AI

How It Works Uncoder AI takes structured detection content written in Sigma, a popular open detection rule format, and automatically converts it into platform-specific logic — in this case, CrowdStrike Endpoint Search syntax. The Sigma rule describes a technique where Deno (a secure JavaScript runtime) […]

AI-Powered Query Validation for Cortex XSIAM Detection

How It Works Uncoder AI parses detection logic written for Palo Alto Cortex XSIAM and performs real-time validation based on both syntax rules and semantic expectations of the platform. In the screenshot, the query targets suspicious command-line executions and network activity related to UAC-0185 (CERT-UA#12414), such as PowerShell obfuscation, MSHTA abuse, and outbound connections to […]

AI Validation for Sentinel Queries: Smarter KQL with Uncoder AI

How It Works This Uncoder AI feature automatically analyzes and validates detection queries written for Microsoft Sentinel using Kusto Query Language (KQL). In this example, the input is a multi-condition search query designed to identify domain names linked to the SmokeLoader campaign (CERT-UA references shown). The left panel shows the detection logic: search (@”dipLombar.by” or […]

IOC Intelligence to Google SecOps: Automated Conversion with Uncoder AI

How It Works This Uncoder AI feature processes structured threat reports, such as those in IOC (Indicators of Compromise) format, and automatically transforms them into actionable detection logic. The screenshot illustrates: Left Panel: A classic threat intelligence report under the “COOKBOX” campaign, showing extracted hashes, domains, IPs, URLs, and registry keys associated with malicious PowerShell […]
