Threats

Sigma-to-MDE Query Conversion: DNS Detection for Katz Stealer via Uncoder AI

How It Works

Uncoder AI reads a Sigma detection rule designed to identify DNS queries to malicious domains linked with the Katz Stealer malware family. It then automatically rewrites the logic into a fully compatible Microsoft Defender for Endpoint (MDE) Advanced Hunting query using the Kusto Query Language (KQL). Left Panel – Sigma Rule: […]

The post Sigma-to-MDE Query Conversion: DNS Detection for Katz Stealer via Uncoder AI appeared first on SOC Prime.

Detect DNS Threats in Google SecOps: Katz Stealer Rule Conversion with Uncoder AI

How It Works

This feature enables detection engineers to seamlessly convert Sigma rules into Google SecOps Query Language (UDM). In the screenshot, the original Sigma rule is designed to detect DNS queries to known Katz Stealer domains — a malware family associated with data exfiltration and command-and-control activity. Left Panel – Sigma Rule: The Sigma […]

Cross-Platform Rule Translation: From Sigma to CrowdStrike with Uncoder AI

How It Works

Uncoder AI takes structured detection content written in Sigma, a popular open detection rule format, and automatically converts it into platform-specific logic — in this case, CrowdStrike Endpoint Search syntax. The Sigma rule describes a technique where Deno (a secure JavaScript runtime) […]

AI-Powered Query Validation for Cortex XSIAM Detection

How It Works

Uncoder AI parses detection logic written for Palo Alto Cortex XSIAM and performs real-time validation based on both syntax rules and semantic expectations of the platform. In the screenshot, the query targets suspicious command-line executions and network activity related to UAC-0185 (CERT-UA#12414), such as PowerShell obfuscation, MSHTA abuse, and outbound connections to […]

AI Validation for Sentinel Queries: Smarter KQL with Uncoder AI

How It Works

This Uncoder AI feature automatically analyzes and validates detection queries written for Microsoft Sentinel using Kusto Query Language (KQL). In this example, the input is a multi-condition search query designed to identify domain names linked to the SmokeLoader campaign (CERT-UA references shown). The left panel shows the detection logic: search (@"dipLombar.by" or […]

CVE-2025-32711 Vulnerability: “EchoLeak” Flaw in Microsoft 365 Copilot Could Enable a Zero-Click Attack on an AI Agent

Hard on the heels of the disclosure of a critical zero-day RCE vulnerability in Microsoft Windows, known as CVE-2025-33053, another security issue affecting Microsoft’s product hits the headlines. Researchers have recently uncovered CVE-2025-32711, dubbed “EchoLeak”, a critical vulnerability in Microsoft’s Copilot AI that lets attackers steal sensitive data via email, without any user interaction. This […]

CVE-2025-33053 Exploitation: A Critical WebDAV Zero-Day RCE Vulnerability Actively Weaponized by Stealth Falcon APT Group

A new critical zero-day RCE vulnerability in Microsoft Windows, tracked as CVE-2025-33053, has been actively exploited by the Stealth Falcon (aka FruityArmor) APT group. The flaw leads to RCE by manipulating the system’s working directory. Attackers leveraged a previously unknown method to run files from a WebDAV server by altering the working directory of a […]

CVE-2025-33073: Windows SMB Client Zero-Day Lets Attackers Gain SYSTEM Privileges

As the digital landscape continues to evolve in complexity, the number of discovered vulnerabilities is growing at an unprecedented pace, placing increasing pressure on cybersecurity teams. So far this year, NIST has recorded over 21,000 new CVEs, with experts projecting that number could reach 49,000+ by year’s end. Given their widespread use, vulnerabilities affecting Microsoft […]

How AI Can Be Used in Threat Detection

As cyber threats continue to grow in scale and sophistication, artificial intelligence (AI) has emerged as a pivotal force in modern cybersecurity. AI systems enable faster, more accurate identification of potential attacks by automatically analyzing vast datasets, identifying anomalies, and adapting to new tactics in real time. Gartner’s Top Cybersecurity Trends of 2025 report underscores […]

IOC Intelligence to Google SecOps: Automated Conversion with Uncoder AI

How It Works

This Uncoder AI feature processes structured threat reports, such as those in IOC (Indicators of Compromise) format, and automatically transforms them into actionable detection logic. The screenshot illustrates: Left Panel: A classic threat intelligence report under the “COOKBOX” campaign, showing extracted hashes, domains, IPs, URLs, and registry keys associated with malicious PowerShell […]
