Uncoder: One common language for cyber security

Uncoder.IO is an online translator for SIEM saved searches, filters, queries, API requests, correlation rules and Sigma rules, built to help SOC Analysts, Threat Hunters and SIEM Engineers. Serving as one common language for cyber security, it allows blue teams to stop depending on a single tool for hunting and detecting threats and to avoid technology lock-in. With an easy, fast and private UI, you can translate queries from one tool to another in a matter of just a few seconds, without needing access to a SIEM environment.

For more examples and SIEM content

For open and private Sigma rules, as well as direct mapping of content against MITRE ATT&CK, you can subscribe to a free membership of the SOC Prime Threat Detection Marketplace.

DEVELOPER PROGRAM FOR THREAT DETECTION MARKETPLACE

DO RESEARCH, WRITE AND SUBMIT RULES, EARN MONEY WHILE YOU SLEEP

The opportunity to generate a steady income by writing threat detection rules. Join the defenders who work together for better cyber security!

SOC Prime was named a Cool Vendor by Gartner in their October 2019 'Cool Vendors in Security and Risk Management, 2H19' report.

Gartner, Cool Vendors in Security and Risk Management, 2H19, Prateek Bhajanka, Dionisio Zumerle, Augusto Barros, Toby Bussa, 3 October 2019. The GARTNER COOL VENDOR badge is a trademark and service mark of Gartner, Inc., and/or its affiliates, and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Free and private

Uncoder.io is a free project developed with privacy in mind, so it collects no data on its users. If you like Uncoder.io and would like translations to become more accurate, please check the box “share my query to improve translation”! Otherwise your queries are not saved, and only you can see their inputs and outputs.

Supported technologies

Uncoder.IO supports rules based on Sigma, ArcSight, Azure Sentinel, Elasticsearch, Graylog, Kibana, LogPoint, QRadar, Qualys, RSA NetWitness, Regex Grep, Splunk, Sumo Logic, Windows Defender ATP, Windows PowerShell and X-Pack Watcher. Translations are supported via Sigma as an intermediate language and can be performed directly, for example, SPL to AQL to Elasticsearch. Some Sigma rules are included in Uncoder.IO as examples; please note that they are licensed under the GNU General Public License.

Uncoder was created by the SOC Prime team with the goal of speeding up threat detection and response globally. Uncoder.io is powered by Elasticsearch (https://github.com/elastic/elasticsearch) and the Sigma project, the generic rule format for SIEM systems (https://github.com/Neo23x0/sigma).