
Releases: UncoderIO/Uncoder_IO

v1.0.3 beta

24 Jan 08:07
eb4b6f8

Support for more output languages

  • Added support for Graylog

Improvements in translation quality

  • Added escaping mechanisms for the following platforms both as input and output: Splunk, CrowdStrike, Elastic Stack, Falcon LogScale, Microsoft Sentinel, IBM QRadar, Chronicle Security, AWS OpenSearch
  • The author and license of the source rule are now added as a comment to its translation if there's no description field
  • Roota:
    • Added parsing of Splunk keywords without quotes and fixed known issues with keywords
    • Added support for the != operator in Splunk queries and improved the logic of processing other operators
    • Improved translation of Roota with a Splunk query into Falcon LogScale by adding quotes to the values in table functions
    • Fixed an issue where the same default mapping could be applied for any output language
  • Sigma:
    • Fixed an issue with the wrong translation of the level field into some platforms
    • Improved parsing of the "and not" operator

v1.0.2 beta

20 Dec 13:47
c0a4420

Improvements and bug fixes in the UI and UX

  • Updated "CrowdStrike" language name to "CrowdStrike Endpoint Security"
  • Fixed a bug where the output language selection was reset after pasting a chunk of code in the input panel
  • Fixed a UI bug where the action icon position slightly changed after selecting an input format
  • Extended the IOC-based query generation settings with an option to add source IPs to the query using the OR operator

Improvements in translation quality

  • Roota:
    • Added support for new operators:
      • !=, >, <, >=, and <= for Splunk, Microsoft Sentinel, Falcon LogScale, Chronicle Security, and IBM QRadar
      • >, <, >=, and <= for Elasticsearch
    • Improved keyword processing
    • Grouped identical translations in the output panel
    • Improved translations of hashed values from RootA with a Splunk query
    • Fixed a bug with language recognition in RootA body
    • Now, each translation includes the source RootA rule name and UUID in a comment
  • LogScale:
    • Made all translations case-insensitive using the //i operator

v1.0.1 beta

06 Dec 15:23
04adfeb

Improvements and bug fixes in the UI and UX

  • Implemented automatic replacement of defanged items such as (.), {.}, or hxxp in the input panel for IOCs
  • Now, the chosen output language is not changed when the user changes the input language
  • Added a screen for errors that cannot be handled
  • Fixed a bug with automatic detection of the input language after pasting a chunk of code in the input panel
  • Added IOC counters at the bottom of the input panel
  • Added tooltips for action icons in the input and output panels
  • Improved the flow of IOC type selection before translation
  • Fixed a bug where, in some cases, the output platform was changed to "undefined" after a period of inactivity when generating IOC queries

Improvements in translation quality

  • RootA
    • Fixed parsing of the threat field
    • MITRE ATT&CK tactics and techniques are no longer included in the description when they have been parsed from the tags field during translation
    • Fixed a bug with RootA with Microsoft Sentinel Query translation into Elasticsearch, AWS Athena, and Sigma when part of the query was missing
    • Fixed a bug with the | where operator in translations from RootA with a Microsoft Sentinel Query into Splunk
    • Fixed a bug where Uncoder IO failed to translate RootA with a Microsoft Sentinel Query into Elasticsearch Rule
    • Fixed a bug with translations from RootA where some unsupported functions didn't appear in comments
    • Fixed tag parsing in translations from RootA with an Elasticsearch Query into Microsoft Sentinel Rule
    • Fixed a bug where RootA with an AWS OpenSearch Query failed to translate into Chronicle Rule
    • Added a check for empty queries in RootA rules
  • Sigma
    • Fixed parsing of the false positives and tags
    • Fixed a bug in translation from Sigma where a new UUID was generated for each translation instead of taking the UUID from the original Sigma rule
  • Falcon LogScale
    • Removed an excessive period (.) in the description field
    • Added escaping with a backslash (\) in translations
  • Elasticsearch
    • Non-Latin characters are no longer encoded
  • Splunk
    • Removed an excessive space in comments with unsupported functions
    • Removed an excessive period (.) in the description field
    • Added missing spaces where values are in parentheses without an OR or AND statement
  • Microsoft Sentinel
    • Fixed a bug where the "| where" operator was used instead of "and"
    • Removed an excessive space in comments with unsupported functions

Other minor improvements and fixes

  • Fixes in the code structure

v.1.0.0 beta

23 Nov 12:50
f47a762

Public beta release. Core capabilities:

  • Translation from Sigma Rules, a generic rule format for SIEM systems, to specific SIEM, EDR, and Data Lake languages.
  • IOC packaging from any non-binary format such as PDF, text, STIX, or OpenIOC to specific SIEM, EDR, and Data Lake languages.
  • Translation from RootA Rules, the newly released language for collective cyber defense, to specific SIEM, EDR, and Data Lake languages. Currently, only the basic syntax without complex functions is supported.

RootA and Sigma Rules can be translated into the following language formats:

  • AWS OpenSearch Query - opensearch-lucene-query
  • AWS Athena Query (Security Lake) - athena-sql-query
  • Falcon LogScale Query - logscale-lql-query
  • Falcon LogScale Rule - logscale-lql-rule
  • Splunk Query - splunk-spl-query
  • Splunk Alert - splunk-spl-rule
  • Microsoft Sentinel Query - sentinel-kql-query
  • Microsoft Sentinel Rule - sentinel-kql-rule
  • Microsoft Defender for Endpoint Query - mde-kql-query
  • IBM QRadar Query - qradar-aql-query
  • CrowdStrike Query - crowdstrike-spl-query
  • Elasticsearch Query - elastic-lucene-query
  • Elasticsearch Rule - elastic-lucene-rule
  • Sigma Rule - sigma-yml-rule
  • Chronicle Security Query - chronicle-yaral-query
  • Chronicle Security Rule - chronicle-yaral-rule

IOC-based queries can be generated in the following formats:

  • Microsoft Sentinel Query - sentinel-kql-query
  • Microsoft Defender for Endpoint Query - mde-kql-query
  • Splunk Query - splunk-spl-query
  • CrowdStrike Query - crowdstrike-spl-query
  • Elasticsearch Query - elastic-lucene-query
  • AWS OpenSearch Query - opensearch-lucene-query
  • Falcon LogScale Query - logscale-lql-query
  • IBM QRadar Query - qradar-aql-query
  • AWS Athena Query (Security Lake) - athena-sql-query
  • Chronicle Security Query - chronicle-yaral-query

The following types of IOCs are supported:

  • Hash
  • Domain
  • URL
  • IP
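As an added example (not code from the Uncoder IO project), the refanging of defanged indicators described in the v1.0.1 notes, bucketing into the four supported IOC types listed above, and the OR-joined IOC query with the optional source-IP field from the v1.0.2 notes, in Python. The Splunk field names, the hash lengths accepted, and the sample indicator list are constructed assumptions.

```python
import re

# Constructed sample of a defanged indicator list, as an analyst might paste into the input panel
SAMPLE_IOCS = """
hxxp://evil[.]example/payload.exe
bad(.)example{.}com
192[.]0[.]2[.]10
d41d8cd98f00b204e9800998ecf8427e
"""
# Hypothetical Splunk field per IOC type; src_ip is added only on request (the v1.0.2 option)
FIELDS = {"hash": ["file_hash"], "domain": ["dest"], "url": ["url"], "ip": ["dest_ip"]}

def refang(text):
    """Undo common defanging: hxxp(s):// -> http(s)://, and [.] (.) {.} -> ."""
    text = re.sub(r"hxxp(s?)://", r"http\1://", text, flags=re.IGNORECASE)
    return re.sub(r"[\[\(\{]\.[\]\)\}]", ".", text)

def classify(token):
    """Type of a refanged token: hash (MD5/SHA-1/SHA-256 length), ip, url, domain, or None."""
    if re.fullmatch(r"[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64}", token):
        return "hash"
    if re.fullmatch(r"(\d{1,3}\.){3}\d{1,3}", token):
        return "ip"
    if re.fullmatch(r"https?://\S+", token):
        return "url"
    if re.fullmatch(r"([a-z0-9-]+\.)+[a-z]{2,}", token, re.IGNORECASE):
        return "domain"
    return None

def extract_iocs(text):
    """Refang the pasted text and bucket each whitespace-separated token by IOC type."""
    iocs = {kind: [] for kind in FIELDS}
    for token in refang(text).split():
        kind = classify(token)
        if kind:
            iocs[kind].append(token)
    return iocs

def escape_spl(value):
    """Escape backslashes and double quotes so a value cannot break out of its SPL string."""
    return value.replace("\\", "\\\\").replace('"', '\\"')

def build_spl_query(iocs, include_src_ip=False):
    """OR-join one field="value" clause per indicator; empty input yields an empty query."""
    fields = {kind: list(names) for kind, names in FIELDS.items()}
    if include_src_ip:
        fields["ip"].append("src_ip")
    clauses = [f'{field}="{escape_spl(value)}"'
               for kind, values in iocs.items() for field in fields[kind] for value in values]
    return f"index=* ({' OR '.join(clauses)})" if clauses else ""
```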