Uncoder.IO: Universal Sigma Rule Converter for Various SIEM, EDR, and NTDR Formats
Uncoder.IO is the online Sigma translation tool for SIEM saved searches,
filters, queries, API requests, which helps SOC Analysts, Threat Hunters,
and Detection Engineers to translate detections on the fly. It allows Blue
Teams to break the limits of being dependent on a single tool for hunting
and detecting threats and avoid technology lock-in. With an intuitive look
and feel and streamlined flow, you can translate queries from one tool to
another on the fly in a single place without the need to switch to the SIEM
Explore Detection as Code Content and Custom Use Cases
Obtain 100k+ queries, parsers, SOC-ready dashboards,
YARA and Snort rules, Machine Learning models and Incident
Response Playbooks mapped to CVE and MITRE ATT&CK® frameworks.
Threat Detection Marketplace continuously delivers custom use
cases matching the organization's SIEM and XDR stack, which fits
the innovative approach to threat hunting known as "Detection as Code."
Read Gartner’s Complimentary Research Note “How to Build Security Use Cases for Your SIEM”
Security use cases for technologies your organization applies should be a high-value activity
and a strong priority in the CISO’s toolkit. Our approach to developing SOC content, which
can be used across various SIEM, EDR, and NTDR technologies, follows a unique methodology
focused on insight, data, and analytics. We help to maintain a healthy life cycle of ongoing
content improvement by its proper tagging, reviewing, and optimization. Learn how your
organization can continuously boost detection and response capabilities with our SOC content.
Uncoder.IO is a free project developed with privacy in mind.
It doesn’t collect any user data while offering 100% free access
to the automated Sigma rule converter.
Uncoder.IO Sigma converter supports on-the-fly translations to 20+ platforms,
including Microsoft Azure Sentinel, Google Chronicle Security, Sumo Logic, Humio,
and Elastic Cloud. Translations are supported via Sigma as the intermediate language
and can be performed directly, for example, SPL to AQL to Elasticsearch. Some Sigma
rules are included into the Uncoder.IO as examples, please note that they are licensed
under the GNU General Public License.
Uncoder.IO was created by the SOC Prime Team with the goal to reinforce threat detection and response
capabilities globally. Uncoder.IO is powered by Elasticsearch
and the Sigma project, the generic rule
format for SIEM systems.
DIRECT ACCESS TO FREE CYBERSECURITY KNOWLEDGE
Sign up for our Cyber Library online space to master your SIEM hard skills,
watch deep dive educational videos, and catch up with how-to guides on threat hunting online.
This Terms and Conditions was last updated on December 5, 2019
Please read this Terms and Conditions (the "Terms and Conditions") carefully before using the https://uncoder.io/ website (the “Website”) or using any service (the "Service") operated by SOC Prime Inc. (when we use “SOC Prime”, “Company”, “we”, “our”, or “us” in this Terms and Conditions, we are referring to SOC Prime Inc., the company which provides the Service).
By accessing or using the Website or accessing or using the Service or using any content available within the Service (the “Content”) you (on behalf of yourself or any entity or individual you represent (collectively “User”, “you”, or “your”) agree to be bound by the Terms and Conditions.
Commitment to EU General data protection regulation (GDPR)
SOC Prime is committed to comply with the GDPR regulations that aim to protect the personal information of EU citizens and become effective on May 25, 2018. All data subjects whose personal data is collected, in line with the requirements of the General Data Protection Regulation (“GDPR”, “Regulation”) only where we have legal bases for doing so under applicable EU laws.
This means we collect and use your information only where:
We need it to provide you the Services, including to operate the Service, provide customer support and personalized features and to protect the safety and security of the Services;
It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the Services and to protect our legal rights and interests;
You give us consent to do so for a specific purpose; or
We need to process your data to comply with a legal obligation.
While using the Website and Service you will comply with all applicable laws, rules and regulations. In addition, SOC Prime expects users of the Website to respect the rights and dignity of others.
Your use of the Website is conditioned on your compliance with the rules of conduct set in this Terms and Conditions; any failure to comply may also result in termination of your access to the Website pursuant to Section Termination.
You agree that you will not:
interfere or attempt to interfere with the proper operation of the Service or any activities conducted through the Service;
use any robot, spider, crawlers, grabbers or other device, techniques and methods to retrieve, index, scrape, data mine or in any way gather information, Content or other materials from the Service and company Website;
decipher, decompile, decompose, debug, disassemble, reverse engineer, simulate or derive any source code, data models, ideas or algorithms from the Service and Content or use any of the foregoing to create any software or service or content similar to the Service and Content;
create any derivative work or modification of the Content other than Implementation permitted by these Terms and Conditions; or
license, sublicense, sell, encumber, rent, lease, Distribute, transfer, grant as a present, or similarly exploit the Services.
All rights reserved. No part of this Website may be reproduced, distributed, or transmitted in any form or by any means, including photocopying, recording, or other electronic or mechanical methods, without the prior written permission of the SOC Prime, except in the case of brief quotations embodied in critical reviews and certain other noncommercial uses permitted by copyright law. For permission requests, write to the publisher, addressed “Attention: Permissions Coordinator,” at the address below firstname.lastname@example.org.
License to use of the Website
SOC Prime grants you a non-exclusive, non-transferable, limited right and license to access, use and privately display the Website and its Content as described herein for your personal use only, by way of one (1) computer connected to the Website over the Internet, provided that you comply fully with these Terms and Conditions. You may "cache" pages of the Website for the sole purpose of increasing the speed and efficiency at which you access the Website. Any other copy or use of a portion of the Website is not authorized, will be a violation of these Terms and Conditions and will constitute a copyright violation. You shall not interfere, or attempt to interfere with the operation of the Website in any way through any means or device, including, but not limited to, spamming, hacking, uploading computer viruses, archive bombs or time bombs or any other means expressly prohibited by any provision of these Terms and Conditions or by law.
SOC Prime or other third party names and logos and all related product and service names, design marks, trademarks and slogans that our displayed on the Website or through the Service or used in connection with any Service, are our sole property or the property of our affiliates or licensors (collectively, “Marks”). You are not authorized to use any of the Marks in any advertising, publicity or any other commercial manner without our prior written consent.
SOC Prime takes data security very seriously. We remember how the development of IT technologies started. Everybody was chasing usability and functionality. Higher speed and dependable connections were needed. After some time it became clear that applications could be cracked, data could be distorted, stolen and misused. Or even someone could gain control over the system. And in general, the whole IT infrastructure was built without the beloved "Security in mind".
We started to build our business after gaining considerable experience in IT and Cybersecurity with more than 120 years in total. Key employees had experience in different areas: from end customers, public institutions, banks and telecoms, to leading integrators in the country. Some of them were involved in the development of payment systems, queuing systems, and many other interesting and diverse projects. We have lined up all the processes and systems with maximum use of the principles of "Secure by design" from the very beginning. As a consequence, we do not and will not support and accompany the consignment of old and unsafe technologies.
We treat any user data as proprietary information - SOC Prime Confidential and apply to it the appropriate protection mechanisms. If possible user data is not collected and stored. If ensuring the level of service requires the collection of user data, such data is encrypted at all stages of the life cycle, both at transmission and at rest. We obfuscate data that is not strictly necessary for the purposes of processing.
Secure Software Development Life Cycle and principles of "Secure by design" ensure an analysis of security risks at the stage of architectural design and provide test procedures of the vulnerability of the product release candidate. Scanning the code vulnerabilities is deeply integrated into the development process. The availability of critical vulnerabilities blocks the release of a new version of the product according to the Company's policy approved by the CEO, CTO and CISO.
Rigid segmentation, separation arrangements and access control to information are implemented in the Company's network from the start. Despite the young age of the company the following set of software tools were already implemented in the network to ensure information security: Firewalls (FW), Intrusion Prevention System (IPS), Security information and event management system (SIEM), Anti-virus system (AV), Vulnerability Management system (VM), Full Disk Encryption system (FDE), email encryption system (PGP), etc. We use hosting services from the market leader - Amazon AWS.
All staff receives individual security awareness training during the onboarding process. The whole team receives regular training on the new trends of information security threats and on best practices to counter them. The key persons get additional personalised training regularly.
Analysis of external threats and trends in the industry
Our team tracks major developments in cyber attacks and explores mechanisms of attacks to promptly integrate into our products actual protection mechanisms.
Our Information Security Management System is compliant with the GDPR requirements. It undergoes regular vulnerability analysis of the service platform, security audits and 24x7x365 operational security monitoring to ensure security and privacy of the entire infrastructure.
We have a very limited number of third-party service providers that can access data provided by our clients. The data is shared only after ensuring the service provider adheres to industry-accepted security frameworks and signing all necessary papers.
You are not eligible to use the service if you are 16 and under without the parent/guardian's permission.
If you learn that a child under 16 has provided us with personal information without consent or if you have any further queries, please contact our DPO by sending an email to address: email@example.com
You have certain obligations imposed by applicable law or regulations or by SOC Prime Portal Terms and Conditions. You must at all times respect these Terms and Conditions including but not limited to any intellectual property rights, which may belong to third parties. You must not disseminate, distribute and/or download any information which may be deemed to be injurious, offensive, violent or racist. Any violation of these obligations and guidelines in the Terms and Conditions may lead to the termination or suspension of your access to the Service of SOC Prime.
You will promptly report any errors in the operation of the Service to SOC Prime and will not take any actions that would increase the severity of the error. You will use the Service solely as described herein. In the event that a user violates any of the requirements of these Terms and Conditions, SOC Prime will have no responsibility to provide the Service.
YOUR USE OF THE WEBSITE IS AT YOUR OWN RISK. THE WEBSITE AND ANY CONTENT, INFORMATION, PRODUCTS OR SERVICES MADE AVAILABLE ON OR THROUGH THE WEBSITE ARE PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS WITHOUT WARRANTY OF ANY KIND. SOC PRIME AND/OR ITS SUPPLIERS AND LICENSORS HEREBY DISCLAIM ALL WARRANTIES AND CONDITIONS WITH REGARD TO THIS WEBSITE OR ANY INFORMATION, CONTENT, PRODUCTS OR SERVICES CONTAINED THEREIN, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.
SPECIFICALLY, SOC PRIME MAKES NO WARRANTY THAT
(I) THE WEBSITE WILL MEET YOUR REQUIREMENTS,
(II) ANY USER ACCESS TO THE WEBSITE WILL BE UNINTERRUPTED, TIMELY, SECURE OR ERROR-FREE,
(III) THE QUALITY OF ANY CONTENT, PRODUCTS, SERVICES, INFORMATION OR OTHER MATERIAL OBTAINED THROUGH THE WEBSITE WILL MEET YOUR EXPECTATIONS,
(IV) ANY ERRORS IN THE SOFTWARE WILL BE CORRECTED.
THE WEBSITE, THE CONTENT AND SERVICES AVAILABLE THROUGH THE WEBSITE AND THE INFORMATION, CONTENT, SOFTWARE, DOCUMENTS, AND RELATED GRAPHICS PUBLISHED ON THIS WEBSITE COULD INCLUDE TECHNICAL INACCURACIES, ERRORS, OR OMISSIONS. THE DISCLAIMERS OF WARRANTY AND LIMITATIONS OF LIABILITY APPLY, WITHOUT LIMITATION, TO ANY DAMAGES OR INJURY CAUSED BY THE FAILURE OF PERFORMANCE, ERROR, OMISSION, INTERRUPTION, DELETION, DEFECT, DELAY IN OPERATION OR TRANSMISSION, COMPUTER VIRUS, COMMUNICATION LINE FAILURE, THEFT OR DESTRUCTION OR UNAUTHORIZED ACCESS TO, ALTERATION OF OR USE OF ANY ASSET, WHETHER ARISING OUT OF BREACH OF CONTRACT, TORTIOUS BEHAVIOUR, NEGLIGENCE OR ANY OTHER COURSE OF ACTION BY SOC PRIME.
Links to other web sites
Our Service may contain links to third-party websites or services that are not owned or controlled by SOC Prime.
SOC Prime has no control over, and assumes no responsibility for, the content, privacy policies, or practices of any third-party web sites or services. You further acknowledge and agree that SOC Prime shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any such content, goods or services available on or through any such web sites or services.
Claims of copyright infringement
SOC Prime respects the intellectual property rights of others and asks that the people who use the Website do the same. The Digital Millennium Copyright Act of 1998 (the “DMCA”) provides recourse for copyright owners who believe that material appearing on the Internet infringes their rights under U.S. copyright law. If you believe in good faith that materials available on the Website infringes your copyright, you (or your agent) may send SOC Prime a notice requesting that we remove the material or block access to it. If you believe in good faith that someone has wrongly filed a notice of copyright infringement against you, the DMCA permits you to send SOC Prime a counter-notice. Notices and counter-notices must meet the then-current statutory requirements imposed by the DMCA. See http://www.copyright.gov/ for details. Notices and counter-notices should be sent to:
563 Pilgrim Drive Suite B
Foster City, CA 94404
For SOC Prime, Inc. DMCA@socprime.com
This Terms and Conditions and all matters relating to your access or use of this Website, including all disputes, shall be governed by and construed under the laws of the United States and of Delaware, without regard to the principles thereof relating to conflicts of laws.
The State and Federal Courts in the City of Wilmington, Delaware shall have exclusive jurisdiction over any action arising out of the Website.
Changes to our Terms and Conditions
SOC Prime may modify or update these Terms and Conditions from time to time, so please review it periodically. We may provide you additional forms of notice of modifications or updates as appropriate under the circumstances. Your continued use of the Service after any modification to these Terms and Conditions will constitute your acceptance of such modification.
We may terminate or suspend access to our Service immediately, without prior notice or liability, for any reason whatsoever, including without limitation if you breach these Terms and Conditions.
How to contact us
If you have any questions about these Terms and Conditions or the Service, please contact us: firstname.lastname@example.org .
Effective date: December 05, 2019
Background to the General Data Protection Regulation (‘GDPR’)
The General Data Protection Regulation 2016/679 of the European Parliament and of the Council (“GDPR”, “Regulation”) replaces the EU Data Protection Directive of 1995 and supersedes the laws of individual Member States that were developed in compliance with the Data Protection Directive 95/46/EC. Its purpose is to protect the “rights and freedoms” of natural persons (i.e. living individuals) and to ensure that personal data is not processed without their knowledge, and, wherever possible, that it is processed with their consent.
SOC Prime does not collect any personally-identifying information through the Site. SOC Prime also does not process or store any personal data or sensitive personal data.
If we plan to collect and process your personal data in the future, we will provide additional notice to you before starting any processing.
We may collect non-personal identification information about users whenever they interact with our Site. Non-personal identification information may include the browser name, the type of computer and technical information about users means of connection to our Site, such as the operating system and the Internet service providers utilized and other similar information.
Cookies are small pieces of information that Site transfers to an individual's hard drive for record-keeping purposes. Their purpose is to let us know when you visit our Site and save the preferences you set. Your browser can be set to notify you when you are sent a cookie, giving you the chance to decide whether or not to accept it. To control third party cookies, you can also adjust your browser settings.
Children's Online Privacy Protection
Children are not eligible to use SOC Prime Services. SOC Prime does not collect personal information from persons who are under 16 years of age. If you learn that a child under 16 has provided us with personal information without consent please contact our Data Protection Officer (“DPO”) by address: email@example.com
In the event that you wish to make a complaint about the fact that your personal data is being processed by SOC Prime or third parties you have the right to lodge a complaint to SOC Prime’s DPO by address: firstname.lastname@example.org or directly with the supervisory authority: The State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija in Lithuanian, website available at http://ada.lt/). Address: A. Juozapavičiaus str. 6 LT-09310 Vilnius Lithuania. T +370 5 279 1445, F +370 5 261 9494,