Industry-First Augmented Intelligence Framework to Code, Validate, and Share Detection Logic Globally via Sigma Rules and MITRE ATT&CK®
SOC Prime, the world’s largest and most advanced platform for collective cyber defense, announces the upgrade of its Uncoder.IO project to Uncoder AI, an integrated development environment (IDE) for Detection Engineering, which converts generic Sigma rules along with tactical threat intelligence IOC collections into 64 SIEM, EDR, XDR, and Data Lake query formats.
According to the latest research by Gartner, leveraging AI-based threat detection engines focused on behavioral indicators provides increased visibility into cybersecurity threats and contributes to threat detection effectiveness. In practice, this means that the cyber defense industry needs to leverage behavior-based TTP detections at scale, agnostic of SIEM or XDR in place, along with a common threat description language and a common data schema, such as OCSF, to establish a foundation for this shift. With SOC Prime’s innovation-driven mindset focused on the era of AI, the Uncoder.IO project – initiated and supported by the Ukrainian team of security enthusiasts at SOC Prime since 2018 – evolves into Uncoder AI.
“With an upgrade from Uncoder.IO to Uncoder AI, we equip each cyber defender with an IDE to master one common language for cybersecurity, thus enabling collective threat-informed defense,” says Andrii Bezverkhyi, inventor of the Uncoder project, CEO and Founder at SOC Prime. “Instead of locking detection algorithms within one of the many SIEM, EDR, XDR, or Data Lake technologies, Uncoder can help you literally speak and understand 64 of these query languages at once while working together with your peers online to create detections against any cyber threat, before it manifests itself into an attack. This is a fundamental change to cyber defense – by acting together, we create a positive network effect that drives down the costs while accelerating the speed and accuracy at the same time.”
By jointly writing detection code for offensive tools and TTPs, cyber defenders are able to deploy detection algorithms proactively, months and sometimes even years before adversaries mount an attack. This goes hand in hand with exchanging Detection Engineering and DevSecOps know-how on data access, as well as with accelerating adoption of Amazon’s OCSF. In collective cyber defense, there is no client-vendor relationship – SOC Prime acts as a partner and as a peer colleague for each Detection Engineering and Threat Hunting professional.
To address the existing cybersecurity challenges demanding cost-efficient, fast, and feasible solutions, SOC Prime offers a large part of the Uncoder capabilities as a freemium community IDE. To unlock the full potential of the IDE for threat-informed defense, security experts can subscribe to the professional edition of Uncoder AI, priced for individuals much like a Netflix or Spotify monthly subscription and purchasable by credit card via Stripe.
Uncoder AI fuses collective industry expertise with artificial and augmented intelligence. Backed by the Sigma language as the core standard for the conversion engine, the tool enables security professionals to code, exchange, and improve detection algorithms while ensuring the privacy, security, and intellectual property rights of threat researchers. Since the official release of Uncoder AI on May 26, 2023, over 3,300 detection engineers, threat hunters, and SOC analysts from 100+ countries have relied on it to research the latest cyber attacks, write Sigma rules, quickly and reliably translate them to their preferred query language, pack IOC collections alongside behavior-based detections, and get required metadata, including MITRE ATT&CK dictionaries, threat intelligence, CVE and exploit context, as well as log source data auditing requirements – all from a single tool.
Striving to outpace and outsmart attackers, Uncoder AI delivers sub-second performance on any detection engineering task, including line-by-line code validation and bug fixing, autocompletion, and IOC-based query generation. Beyond Sigma rule coding and bi-directional query translation, security engineers can build their threat research on top of collective industry expertise. Uncoder AI enriches detection algorithms with relevant threat intelligence from OSINT and external TIPs and automatically generates use case documentation for storage on external systems.
The tool runs on a private cloud to provide an even more secure service to SOC Prime’s clients. Like Uncoder.IO, Uncoder AI performs no code logging or data sharing with third parties and respects the ownership rights of threat researchers who contribute their detection code. Threat research expressed through Sigma rules is considered the content authors’ intellectual property, and SOC Prime keeps all data confidential unless a researcher decides to share it via the crowdsourcing initiative, the Threat Bounty Program. As a trusted security-minded organization, SOC Prime regularly completes the audit for SOC 2 Type II certification while strictly adhering to GDPR guidelines and verifying its compliance with high standards of excellence in cybersecurity.
Visit AITechPark for cutting-edge Tech Trends around AI, ML, Cybersecurity, along with AITech News, and timely updates from industry professionals!