UNCODER.IO: TRANSLATE SIGMA RULES INTO VARIOUS SIEM, EDR, AND XDR FORMATS
Uncoder.IO is an online Sigma translation engine enabling one-click conversion of platform-agnostic Sigma rules into native queries, rules, and other content types for dozens of SIEMs, EDRs, and XDRs. With the Sigma language, you can break the limits of being dependent on a single platform for hunting and detecting threats, avoiding the technology lock-in.
WHAT IS A SIGMA RULE?
A Sigma rule is a log-based detection rule written in Sigma, a platform-agnostic language enabling defenders to share detections in a common format. When answering the question what is Sigma, it's common to say that for logs Sigma is what YARA is for files and Snort for traffic. To find out more about the language, read our Sigma Rules Guide and have a look at the translation of rules from our stock Sigma rule list into your platform's format right on this page.
ACHIEVE MORE WITH THE SOC PRIME PLATFORM
Access the world's largest Threat Detection Marketplace combined with automation and management capabilities:
Thousands of Sigma rules with enhanced translations into various SIEM, EDR, and XDR formats
New rules for the latest and emerging threats released every day
Convenient search and detailed filtering
Rules mapped to the MITRE ATT&CK® framework and enriched with threat intelligence
Integrations to deploy rules and launch hunting queries directly in your environment
Centralized content management and streaming capabilities
Customization features to make the translated rules match alternative and non-standard data schemas
SOC Prime is mentioned in the 2021 Gartner, Magic Quadrant for Security Information and Event Management for the 2nd year in a row as a content provider. Explore the Gartner Magic Quadrant report right now to keep abreast of the latest achievements on the SIEM market. Get direct access to the report without registration and no forms to fill out.
Uncoder.IO is a free project developed with privacy in mind. It doesn’t collect any user data while offering 100% free access to the automated Sigma rule converter.
Uncoder.IO supports on-the-fly translation of Sigma rules to 20+ platforms, including Microsoft Sentinel, Google Chronicle Security, Sumo Logic, Humio, Splunk, and Elastic Cloud. Some Sigma rules are included in Uncoder.IO as examples; please note that they are licensed under the Detection Rule License. To explore more Sigma rules, go to the SOC Prime Platform.
Uncoder.IO was created by the SOC Prime Team with the goal of reinforcing threat detection and response capabilities globally. Uncoder.IO is powered by Elasticsearch and the Sigma project.
DIRECT ACCESS TO FREE CYBERSECURITY KNOWLEDGE
Sign up for our Cyber Library online space to improve your SIEM hard skills, watch deep dive educational videos, and catch up with how-to guides on threat hunting.
This Terms and Conditions was last updated on December 5, 2019
Please read this Terms and Conditions (the "Terms and Conditions") carefully before using the https://uncoder.io/ website (the “Website”) or using any service (the "Service") operated by SOC Prime Inc. (when we use “SOC Prime”, “Company”, “we”, “our”, or “us” in this Terms and
Conditions, we are referring to SOC Prime Inc., the company which provides the Service).
By accessing or using the Website or accessing or using the Service or using any content available within the Service (the “Content”) you (on behalf of yourself or any entity or individual you represent (collectively “User”, “you”, or “your”) agree to be bound by the Terms and
Commitment to EU General data protection regulation (GDPR)
SOC Prime is committed to comply with the GDPR regulations that aim to protect the personal information of EU citizens and become effective on May 25, 2018. All data subjects whose personal data is collected, in line with the requirements of the General Data Protection Regulation
(“GDPR”, “Regulation”) only where we have legal bases for doing so under applicable EU laws.
This means we collect and use your information only where:
We need it to provide you the Services, including to operate the Service, provide customer support and personalized features and to protect the safety and security of the Services;
It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the Services and to protect our legal rights and interests;
You give us consent to do so for a specific purpose; or
We need to process your data to comply with a legal obligation.
While using the Website and Service you will comply with all applicable laws, rules and regulations. In addition, SOC Prime expects users of the Website to respect the rights and dignity of others.
Your use of the Website is conditioned on your compliance with the rules of conduct set in this Terms and Conditions; any failure to comply may also result in termination of your access to the Website pursuant to Section Termination.
You agree that you will not:
interfere or attempt to interfere with the proper operation of the Service or any activities conducted through the Service;
use any robot, spider, crawlers, grabbers or other device, techniques and methods to retrieve, index, scrape, data mine or in any way gather information, Content or other materials from the Service and company Website;
decipher, decompile, decompose, debug, disassemble, reverse engineer, simulate or derive any source code, data models, ideas or algorithms from the Service and Content or use any of the foregoing to create any software or service or content similar to the Service and
create any derivative work or modification of the Content other than Implementation permitted by these Terms and Conditions; or
license, sublicense, sell, encumber, rent, lease, Distribute, transfer, grant as a present, or similarly exploit the Services.
All rights reserved. No part of this Website may be reproduced, distributed, or transmitted in any form or by any means, including photocopying, recording, or other electronic or mechanical methods, without the prior written permission of the SOC Prime, except in the case of brief
quotations embodied in critical reviews and certain other noncommercial uses permitted by copyright law. For permission requests, write to the publisher, addressed “Attention: Permissions Coordinator,” at the address below email@example.com.
License to use of the Website
SOC Prime grants you a non-exclusive, non-transferable, limited right and license to access, use and privately display the Website and its Content as described herein for your personal use only, by way of one (1) computer connected to the Website over the Internet, provided that
you comply fully with these Terms and Conditions. You may "cache" pages of the Website for the sole purpose of increasing the speed and efficiency at which you access the Website. Any other copy or use of a portion of the Website is not authorized, will be a violation of these
Terms and Conditions and will constitute a copyright violation. You shall not interfere, or attempt to interfere with the operation of the Website in any way through any means or device, including, but not limited to, spamming, hacking, uploading computer viruses, archive bombs
or time bombs or any other means expressly prohibited by any provision of these Terms and Conditions or by law.
SOC Prime or other third party names and logos and all related product and service names, design marks, trademarks and slogans that are displayed on the Website or through the Service or used in connection with any Service, are our sole property or the property of our affiliates
or licensors (collectively, “Marks”). You are not authorized to use any of the Marks in any advertising, publicity or any other commercial manner without our prior written consent.
SOC Prime takes data security very seriously. We remember how the development of IT technologies started. Everybody was chasing usability and functionality. Higher speed and dependable connections were needed. After some time it became clear that applications could be cracked,
data could be distorted, stolen and misused. Or even someone could gain control over the system. And in general, the whole IT infrastructure was built without the beloved "Security in mind".
We started to build our business after gaining considerable experience in IT and Cybersecurity with more than 120 years in total. Key employees had experience in different areas: from end customers, public institutions, banks and telecoms, to leading integrators in the country.
Some of them were involved in the development of payment systems, queuing systems, and many other interesting and diverse projects. We have lined up all the processes and systems with maximum use of the principles of "Secure by design" from the very beginning. As a consequence,
we do not and will not support and accompany the consignment of old and unsafe technologies.
We treat any user data as proprietary information - SOC Prime Confidential and apply to it the appropriate protection mechanisms. If possible, user data is not collected and stored. If ensuring the level of service requires the collection of user data, such data is encrypted at all
stages of the life cycle, both at transmission and at rest. We obfuscate data that is not strictly necessary for the purposes of processing.
Secure Software Development Life Cycle and principles of "Secure by design" ensure an analysis of security risks at the stage of architectural design and provide test procedures of the vulnerability of the product release candidate. Scanning the code vulnerabilities is deeply
integrated into the development process. The availability of critical vulnerabilities blocks the release of a new version of the product according to the Company's policy approved by the CEO, CTO and CISO.
Rigid segmentation, separation arrangements and access control to information are implemented in the Company's network from the start. Despite the young age of the company the following set of software tools were already implemented in the network to ensure information security:
Firewalls (FW), Intrusion Prevention System (IPS), Security information and event management system (SIEM), Anti-virus system (AV), Vulnerability Management system (VM), Full Disk Encryption system (FDE), email encryption system (PGP), etc. We use hosting services from the market
leader - Amazon AWS.
All staff receives individual security awareness training during the onboarding process. The whole team receives regular training on the new trends of information security threats and on best practices to counter them. The key persons get additional personalised training
Analysis of external threats and trends in the industry
Our team tracks major developments in cyber attacks and explores mechanisms of attacks to promptly integrate into our products actual protection mechanisms.
Our Information Security Management System is compliant with the GDPR requirements. It undergoes regular vulnerability analysis of the service platform, security audits and 24x7x365 operational security monitoring to ensure security and privacy of the entire infrastructure.
We have a very limited number of third-party service providers that can access data provided by our clients. The data is shared only after ensuring the service provider adheres to industry-accepted security frameworks and signing all necessary papers.
You are not eligible to use the service if you are 16 and under without the parent/guardian's permission.
If you learn that a child under 16 has provided us with personal information without consent or if you have any further queries, please contact our DPO by sending an email to address: firstname.lastname@example.org
You have certain obligations imposed by applicable law or regulations or by SOC Prime Portal Terms and Conditions. You must at all times respect these Terms and Conditions including but not limited to any intellectual property rights, which may belong to third parties. You must
not disseminate, distribute and/or download any information which may be deemed to be injurious, offensive, violent or racist. Any violation of these obligations and guidelines in the Terms and Conditions may lead to the termination or suspension of your access to the Service of
You will promptly report any errors in the operation of the Service to SOC Prime and will not take any actions that would increase the severity of the error. You will use the Service solely as described herein. In the event that a user violates any of the requirements of these
Terms and Conditions, SOC Prime will have no responsibility to provide the Service.
YOUR USE OF THE WEBSITE IS AT YOUR OWN RISK. THE WEBSITE AND ANY CONTENT, INFORMATION, PRODUCTS OR SERVICES MADE AVAILABLE ON OR THROUGH THE WEBSITE ARE PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS WITHOUT WARRANTY OF ANY KIND. SOC PRIME AND/OR ITS SUPPLIERS AND LICENSORS
HEREBY DISCLAIM ALL WARRANTIES AND CONDITIONS WITH REGARD TO THIS WEBSITE OR ANY INFORMATION, CONTENT, PRODUCTS OR SERVICES CONTAINED THEREIN, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
SPECIFICALLY, SOC PRIME MAKES NO WARRANTY THAT
(I) THE WEBSITE WILL MEET YOUR REQUIREMENTS,
(II) ANY USER ACCESS TO THE WEBSITE WILL BE UNINTERRUPTED, TIMELY, SECURE OR ERROR-FREE,
(III) THE QUALITY OF ANY CONTENT, PRODUCTS, SERVICES, INFORMATION OR OTHER MATERIAL OBTAINED THROUGH THE WEBSITE WILL MEET YOUR EXPECTATIONS,
(IV) ANY ERRORS IN THE SOFTWARE WILL BE CORRECTED.
THE WEBSITE, THE CONTENT AND SERVICES AVAILABLE THROUGH THE WEBSITE AND THE INFORMATION, CONTENT, SOFTWARE, DOCUMENTS, AND RELATED GRAPHICS PUBLISHED ON THIS WEBSITE COULD INCLUDE TECHNICAL INACCURACIES, ERRORS, OR OMISSIONS. THE DISCLAIMERS OF WARRANTY AND LIMITATIONS OF
LIABILITY APPLY, WITHOUT LIMITATION, TO ANY DAMAGES OR INJURY CAUSED BY THE FAILURE OF PERFORMANCE, ERROR, OMISSION, INTERRUPTION, DELETION, DEFECT, DELAY IN OPERATION OR TRANSMISSION, COMPUTER VIRUS, COMMUNICATION LINE FAILURE, THEFT OR DESTRUCTION OR UNAUTHORIZED ACCESS TO,
ALTERATION OF OR USE OF ANY ASSET, WHETHER ARISING OUT OF BREACH OF CONTRACT, TORTIOUS BEHAVIOUR, NEGLIGENCE OR ANY OTHER COURSE OF ACTION BY SOC PRIME.
Links to other web sites
Our Service may contain links to third-party websites or services that are not owned or controlled by SOC Prime.
SOC Prime has no control over, and assumes no responsibility for, the content, privacy policies, or practices of any third-party web sites or services. You further acknowledge and agree that SOC Prime shall not be responsible or liable, directly or indirectly, for any damage or
loss caused or alleged to be caused by or in connection with the use of or reliance on any such content, goods or services available on or through any such web sites or services.
Claims of copyright infringement
SOC Prime respects the intellectual property rights of others and asks that the people who use the Website do the same. The Digital Millennium Copyright Act of 1998 (the “DMCA”) provides recourse for copyright owners who believe that material appearing on the Internet infringes
their rights under U.S. copyright law. If you believe in good faith that materials available on the Website infringe your copyright, you (or your agent) may send SOC Prime a notice requesting that we remove the material or block access to it. If you believe in good faith that
someone has wrongly filed a notice of copyright infringement against you, the DMCA permits you to send SOC Prime a counter-notice. Notices and counter-notices must meet the then-current statutory requirements imposed by the DMCA. See http://www.copyright.gov/ for details. Notices
and counter-notices should be sent to:
563 Pilgrim Drive Suite B
Foster City, CA 94404
For SOC Prime, Inc. DMCA@socprime.com
This Terms and Conditions and all matters relating to your access or use of this Website, including all disputes, shall be governed by and construed under the laws of the United States and of Delaware, without regard to the principles thereof relating to conflicts of laws.
The State and Federal Courts in the City of Wilmington, Delaware shall have exclusive jurisdiction over any action arising out of the Website.
Changes to our Terms and Conditions
SOC Prime may modify or update these Terms and Conditions from time to time, so please review it periodically. We may provide you additional forms of notice of modifications or updates as appropriate under the circumstances. Your continued use of the Service after any modification
to these Terms and Conditions will constitute your acceptance of such modification.
We may terminate or suspend access to our Service immediately, without prior notice or liability, for any reason whatsoever, including without limitation if you breach these Terms and Conditions.
How to contact us
If you have any questions about these Terms and Conditions or the Service, please contact us: email@example.com.