Threats

From Threat Report to Detection Logic: Uncoder AI Automates Rule Generation

How It Works

Turning threat reports into detection logic is often the most time-intensive part of the detection engineering lifecycle. Reports are written for humans, not machines — and transforming narrative threat intelligence into actionable rules can take hours of manual interpretation. Uncoder AI solves this with AI-assisted rule generation from reports. By analyzing threat […]

The post From Threat Report to Detection Logic: Uncoder AI Automates Rule Generation appeared first on SOC Prime.

Threats

CVE-2025-34028 Detection: A Maximum-Severity Vulnerability in the Commvault Command Center Enables RCE

Following the disclosure of CVE-2025-30406, an RCE flaw in the widely used Gladinet CentreStack and Triofox platforms, another highly critical vulnerability that could likewise allow unauthenticated remote execution of arbitrary code has surfaced. The flaw, tracked as CVE-2025-34028, has recently been uncovered in the Command Center installation and could lead to a […]


Threats

Visualizing Insider Threat Detection with Uncoder AI’s Decision Tree for SentinelOne Queries

Detecting insider access to sensitive data—like password documents—is a challenge for even mature SOC teams, especially when the activity is wrapped in benign processes like Notepad or triggered via Windows Explorer. While SentinelOne provides robust telemetry, interpreting detection rules often requires navigating multi-condition logic. That’s where Uncoder AI’s AI-generated Decision Tree transforms the workflow. Instead […]


Threats

Visualizing Sensitive File Discovery in Google SecOps with Uncoder AI’s Decision Tree

In today’s hybrid environments, legitimate tools like Notepad can be silently used to view or stage sensitive data such as password files—especially by insiders or low-and-slow threat actors. While Google SecOps (UDM) supports highly specific detections, the logic behind them is often layered and complex. That’s why Uncoder AI’s AI-generated Decision Tree has become an […]


Threats

How Full Summary in Uncoder AI Supercharges Kusto Query Analysis for Threat Hunters

Working with Microsoft Sentinel often means dissecting complex Kusto queries, especially when tracking subtle attacker behavior. These queries can include nested logic, obscure file path checks, and uncommon system events that require deep understanding. That’s exactly where Uncoder AI’s Full Summary feature shines. This AI-powered enhancement automatically translates complex Microsoft Sentinel (Kusto) detection logic into […]


Threats

Investigating Curl-Based TOR Proxy Access with Uncoder AI and SentinelOne Query Language

Detecting stealthy command-line activity that may indicate dark web access or anonymized traffic is a growing challenge for security teams. Tools like curl.exe—while entirely legitimate—can be leveraged by advanced threats to route traffic through proxy networks or TOR. This is where Uncoder AI’s Full Summary capability provides crucial context. When applied to SentinelOne Query Language […]


Threats

Billbug Attack Detection: China-Linked Espionage Actors Target Southeast Asian Organizations

ESET’s Q2-Q3 2024 APT Activity Report highlights China-affiliated groups leading global APT operations, with campaigns aimed at intelligence gathering being among the most common and persistent threats. The China-linked espionage group known as Billbug has been observed breaching multiple organizations in Southeast Asia across several industry verticals between August 2024 and February 2025 using novel […]


Threats

Accelerating Threat Detection with Uncoder AI’s “Short AI-generated Summary”

In the world of Security Operations, speed and clarity are everything. When analysts sift through complex detection logic—especially in extensive environments like Windows—every second matters. SOC Prime’s Uncoder AI steps in precisely here, offering a unique feature that’s proving indispensable: the Short AI-generated Summary. This AI-powered functionality isn’t just a convenience—it’s a practical tool that […]


Threats

Making Splunk Detection Work Faster with Uncoder AI’s Full Summary

Modern SOC teams working with Splunk detections need to process large volumes of detection logic written in SPL. The challenge? Much of it is complex, verbose, and time-consuming to understand, particularly when the content comes from external sources or from Sigma-based rules converted to Splunk format. Uncoder AI’s Full AI-generated Summary tackles this exact pain point by […]


Threats

CVE-2025-30406 Detection: Critical RCE Vulnerability in Gladinet CentreStack & Triofox Under Active Exploitation

A critical vulnerability in the widely used Gladinet CentreStack and Triofox enterprise file sharing and remote access platforms has surfaced — and it’s already under active exploitation. At least seven organizations have reportedly been compromised through this flaw, tracked as CVE-2025-30406. The root cause? A hard-coded cryptographic key that leaves internet-facing servers dangerously exposed to […]

