Uncoder.IO is the online translator for SIEM saved searches, filters, queries, API requests, correlation and Sigma rules to help SOC Analysts, Threat Hunters and SIEM Engineers. Serving as one common language for cyber security it allows blue teams to break the limits of being dependent on single tool for hunting and detecting threats and avoid technology lock-in. With easy, fast and private UI you can translate the queries from one tool to another without a need to access to SIEM environment and in a matter of just few seconds.
Uncoder.io is a free project and is developed with privacy in mind so it collects no data on its users. If you like the uncoder.io and would like translations to get more accurate please check the box “share my query to improve translation”! Otherwise your queries are not saved and only you can see their inputs and outputs.
Uncoder.IO supports rules based on Sigma, ArcSight, Elastic, Splunk, QRadar, Qualys IOC. Translations are supported via Sigma as intermediate language and can be performed directly, for example, SPL to AQL to Elasticsearch. Some Sigma rules are included into the Uncoder.IO as examples, please note that they are licensed on GNU General Public License https://github.com/Neo23x0/sigma/blob/master/LICENSE.GPL.txt.
For more examples and SIEM content, open and private Sigma rules as well as direct mapping of content against MITRE ATT&CK you can subscribe to free membership of SOC Prime Threat Detection Marketplace.
Sign Up to TDM Go to SOC PrimeUncoder was created by SOC Prime team with the goal to speed up threat detection and response globally. Uncoder.io is powered by Elasticsearch https://github.com/elastic/elasticsearch and the Sigma project, the Generic rule format for SIEM systems https://github.com/Neo23x0/sigma.