Tag: Uncoder AI

Exposing Suspicious Scripting via CrushFTP with Uncoder AI in Microsoft Defender

File transfer services like CrushFTP are critical for business operations—but they can also be leveraged as stealthy launchpads for post-exploitation activity. When a server process such as crushftpservice.exe spawns command-line interpreters like powershell.exe, cmd.exe, or bash.exe, it may signal that an attacker is executing commands or deploying payloads under the radar. In […]

Detecting Suspicious LNK Whitespace Obfuscation in Carbon Black with Uncoder AI

In modern cyberattacks, attackers rely not only on payloads but also on clever evasion techniques. One of the most subtle methods? Whitespace padding in command-line arguments—a tactic often used to obscure malicious behavior and throw off static detection. A recent VMware Carbon Black Cloud Query leverages this concept to detect suspicious .lnk file execution chains. […]

How Uncoder AI Clarifies CVE-2024-35250 Detection in Cortex XSIAM

When new CVEs drop, defenders race to understand how attackers might exploit them. One such vulnerability—CVE-2024-35250—involves suspicious usage of the ksproxy.ax module. Palo Alto Cortex XSIAM is among the platforms providing early detection logic for potential abuse. But parsing the query manually? Not quick. That’s where Uncoder AI’s Short Summary becomes indispensable. This feature reads […]

Detecting NimScan Activity in SentinelOne with Uncoder AI

Potentially Unwanted Applications (PUAs) like NimScan.exe can silently operate within enterprise environments, probing internal systems or facilitating lateral movement. Detecting these tools early is critical to prevent network-wide compromise. A SentinelOne detection rule recently analyzed in SOC Prime’s Uncoder AI platform highlights this threat by identifying events where the target process path or IMPhash signature […]

Uncovering PUA: NimScan Activity with Full Summary in Uncoder AI

In threat detection, time is everything. Especially when identifying tools like NimScan—a known Potentially Unwanted Application (PUA) often associated with reconnaissance or malicious scanning activities. Microsoft Sentinel provides detection rules for such threats using Kusto Query Language (KQL), but understanding their full scope at a glance can be time-consuming. That’s where Uncoder AI’s Full Summary […]

Password Discovery via Notepad: How Uncoder AI Simplifies SPL Detection Logic

Attackers often use trusted tools like Notepad to discreetly access sensitive files, especially those labeled as password-related. This tactic blends in with regular user behavior but can signal early-stage credential theft or internal reconnaissance. A Splunk detection rule recently translated in SOC Prime’s Uncoder AI platform targets exactly this scenario. It focuses […]

Uncoder AI Automates Cross-Language Rule Translation with Hybrid AI

How It Works

Translating detection logic across security platforms is a complex task often constrained by syntax mismatches and context loss. SOC Prime’s Uncoder AI resolves this by applying a hybrid translation model powered by both deterministic parsing and artificial intelligence. In this case, a detection rule written in Microsoft Sentinel’s Kusto Query Language (KQL) […]

Rule/Query Full Summary with AI

How It Works

Modern detection rules often involve intricate logic, multiple filters, and specific search patterns that make them difficult to interpret at a glance. With its Full Summary feature, Uncoder AI automatically analyzes a provided detection rule or query and generates a detailed explanation in human-readable language. As shown in the example, a Splunk […]

AI-Powered Query Optimization in Uncoder AI

How It Works

Long and complex detection queries — especially those involving multiple joins, enrichments, and field lookups — often become performance bottlenecks. This is particularly true for queries in Microsoft Sentinel, where misaligned joins or poor field usage can significantly delay results. To address this, SOC Prime’s Uncoder AI introduces AI-driven Query Optimization. The […]

Short AI Summaries Make Complex Detection Instantly Understandable

How It Works

Detection rules are growing more complex — packed with nested logic, exceptions, file path filters, and deeply specific behavioral conditions. Reading and interpreting these rules, especially those written by third-party teams, is time-consuming even for seasoned detection engineers. That’s where Uncoder AI’s Short Summary generation comes in. This feature automatically creates human-readable, […]
