Uncoder.IO: Universal Sigma Rule Converter for Various SIEM, EDR, and NTDR Formats

Uncoder.IO is the online Sigma translation tool for SIEM saved searches, filters, queries, API requests, which helps SOC Analysts, Threat Hunters, and Detection Engineers to translate detections on the fly. It allows Blue Teams to break the limits of being dependent on a single tool for hunting and detecting threats and avoid technology lock-in. With an intuitive look and feel and streamlined flow, you can translate queries from one tool to another on the fly in a single place without the need to switch to the SIEM environment.


Explore Detection as Code Content and Custom Use Cases

Obtain 100k+ queries, parsers, SOC-ready dashboards, YARA and Snort rules, Machine Learning models and Incident Response Playbooks mapped to CVE and MITRE ATT&CK® frameworks. Threat Detection Marketplace continuously delivers custom use cases matching the organization's SIEM and XDR stack, which fits the innovative approach to threat hunting known as "Detection as Code."

Threat Bounty Developer Program for SOC Prime’s Detection as Code Platform

Join the world’s first Threat Bounty Program for SOC content, publish it to the industry-leading Detection as Code platform, and get rewarded for your valuable input.

Read Gartner’s Complimentary Research Note “How to Build Security Use Cases for Your SIEM”

Security use cases for technologies your organization applies should be a high-value activity and a strong priority in the CISO’s toolkit. Our approach to developing SOC content, which can be used across various SIEM, EDR, and NTDR technologies, follows a unique methodology focused on insight, data, and analytics. We help to maintain a healthy life cycle of ongoing content improvement by its proper tagging, reviewing, and optimization. Learn how your organization can continuously boost detection and response capabilities with our SOC content.


Uncoder.IO is a free project developed with privacy in mind. It doesn’t collect any user data while offering 100% free access to the automated Sigma rule converter.


Uncoder.IO Sigma converter supports on-the-fly translations to 20+ platforms, including Microsoft Azure Sentinel, Google Chronicle Security, Sumo Logic, Humio, and Elastic Cloud. Translations are supported via Sigma as the intermediate language and can be performed directly, for example, SPL to AQL to Elasticsearch. Some Sigma rules are included into the Uncoder.IO as examples, please note that they are licensed under the GNU General Public License.

Uncoder.IO was created by the SOC Prime Team with the goal to reinforce threat detection and response capabilities globally. Uncoder.IO is powered by Elasticsearch and the Sigma project, the generic rule format for SIEM systems.


Sign up for our Cyber Library online space to master your SIEM hard skills, watch deep dive educational videos, and catch up with how-to guides on threat hunting online.