Uncoder.IO: Universal Sigma Rule Converter for Various SIEM, EDR, and NTDR Formats

Uncoder.IO is the online Sigma translation engine for SIEM saved searches, filters, queries, and API requests. It helps SOC Analysts, Threat Hunters, and Detection Engineers translate detections on the fly. It allows Blue Teams to break the limits of being dependent on a single tool for hunting and detecting threats and to avoid technology lock-in. With an intuitive look and feel and a streamlined flow, you can translate queries from one tool to another in a single place without the need to switch to the SIEM environment.


Explore Detection as Code Content and Custom Use Cases

Obtain 130k+ queries, parsers, SOC-ready dashboards, YARA and Snort rules, Machine Learning models and Incident Response Playbooks mapped to CVE and MITRE ATT&CK® frameworks. Threat Detection Marketplace continuously delivers custom use cases matching the organization's SIEM and XDR stack, which fits the innovative approach to threat hunting known as "Detection as Code."

Threat Detection Marketplace

Join SOC Prime’s crowdsourcing initiative, the world’s first bounty-driven Threat Detection Marketplace for SOC content, publish your content to our industry-leading platform, and get rewarded for your valuable input.

Read 2021 Gartner, Magic Quadrant SIEM

SOC Prime is mentioned in the 2021 Gartner, Magic Quadrant for Security Information and Event Management for the 2nd year in a row as a content provider. Explore the Gartner Magic Quadrant report right now to keep abreast of the latest achievements in the SIEM market. Get direct access to the report without registration or forms to fill out.


Uncoder.IO is a free project developed with privacy in mind. It doesn’t collect any user data while offering 100% free access to the automated Sigma rule converter.


The Uncoder.IO Sigma converter supports on-the-fly translations to 20+ platforms, including Microsoft Sentinel, Google Chronicle Security, Sumo Logic, Humio, Splunk, and Elastic Cloud. Translations are supported via Sigma as the intermediate language and can be performed directly, for example, SPL to AQL to Elasticsearch. Some Sigma rules are included in Uncoder.IO as examples; please note that they are licensed under the GNU General Public License.

Uncoder.IO was created by the SOC Prime Team with the goal of reinforcing threat detection and response capabilities globally. Uncoder.IO is powered by Elasticsearch and the Sigma project, the generic rule format for SIEM systems.


Sign up for our Cyber Library online space to master your SIEM hard skills, watch deep dive educational videos, and catch up with how-to guides on threat hunting online.