
SOC Prime Platform Product Release Notes 5.13.5

Written by Eugene


October 16, 2024

© 2024 SOC Prime Inc.

All rights reserved. This product and documentation related are protected by copyright and distributed under licenses restricting their use, copying, distribution, and decompilation. No part of this product or documentation related may be reproduced in any form or by any means without the prior written authorization of SOC Prime. While every precaution has been taken in the preparation of this book, SOC Prime assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.

Google Chronicle to Google SecOps Update


In response to the rebranding of Google Chronicle to Google SecOps, we have updated the platform naming across all SOC Prime assets. This includes revisions in the Threat Detection Marketplace, Uncoder AI, Attack Detective, and other sections of the SOC Prime Platform. Additionally, corresponding changes have been implemented on the SOC Prime website and the Uncoder.IO project webpage to ensure consistency throughout our resources.

Pricing Page Update


In the latest release, we have enhanced the Pricing page across the SOC Prime Platform and company website to provide users with a more streamlined way to contact our team for pricing information. Each Enterprise offering on the Pricing page now includes a Contact Us button with the following options:

  • Contact Us for Pricing Plans: Opens a modal window for submitting pricing-related questions or requests.

  • Book a Meeting: Opens a Calendly pop-up to schedule a meeting at your convenience.

  • Email Us With Questions: Opens a modal window to submit any general inquiries.

  • Chat Via Intercom: Initiates a live chat via Intercom to discuss questions or requests with our support team in real time.

Additionally, the outdated compare plans information has been removed.

Enhanced Elastic EQL Support


With this latest release, we have enhanced the support of Elastic EQL language in Threat Detection Marketplace and Uncoder AI to ensure proper Elastic EQL query translation to Lucene, along with other supported formats.

Threat Detection Marketplace


Jobs Updates & Improvements

Unique Job Name Validation

For a better user experience, this release adds validation to ensure that each Job name in the company is unique. Validation runs when creating a new Job or editing an existing one. If a Job with the same name already exists, users will see the corresponding “A Job with this name already exists in your organization” error message.

Sumo Logic CSE Support

With this latest release, we’ve added Sumo Logic CSE support for Jobs, enabling users to select Sumo Logic CSE Rule or Sumo Logic CSE Query in the Content Type field when Sumo Logic Data Plane is selected in the Job settings.

UX Improvements

We’ve implemented a set of UX improvements on the Jobs and Lists pages, including the following:

  • Removed a blank space above the pop-up when creating or editing a Job or List

  • Resolved the scrolling issue when the Create New Content List / Create New Job pop-up is open

New GitHub Repository Added to Community

With this Platform release, we’ve added synchronization with a new GitHub repository, which is now included in the Community repo on the Threat Detection Marketplace (TDM).

Uncoder AI


Improved Log Source Identification

In this release, we have significantly enhanced the log source identification functionality during Roota generation in the Supercharge mode of Uncoder AI. This update ensures that automated enrichment of detection rules with metadata is executed accurately, with proper identification of the source query language, the corresponding ATT&CK tags, and the log sources.

Attack Detective


Current Sigma Rule Count

In the latest Attack Detective 2.21 release, we've enhanced the Sigma rule count statistics displayed in the Settings section of your account. Users can now easily track the remaining number of premium Sigma rules available for unlocking by clicking the account icon in the upper-right corner of any SOC Prime Platform page.

This real-time tracking provides Enterprise subscription users with key information, including:

  • Scans: The number of scans performed

  • Audits: The number of audits completed

  • Sigma Rules: The number of Sigma rules yet to be unlocked

These updates offer greater visibility into your progress and available resources.

Exclude from Next Scans Improvements

With this latest Attack Detective release, we’ve made UX improvements to the Exclude from next scans functionality. Now, after clicking the Exclude from next scans button on the Scan Results page and confirming the action with Apply, users will see a notification with a direct link to the TDM filter, which allows them to instantly review all content that has been excluded from future scans.

Key Bug Fixes & Improvements


  • Fixed Inventory issues linked to Google SecOps to ensure rules updated in Threat Detection Marketplace are properly displayed on the Inventory page.

  • Enhanced the manual Deploy Changes functionality on the Inventory page to ensure updates are accurately applied to the target entity.

  • Resolved a UI issue on the Inventory page by adjusting the Content Name line to fit the dimensions of the Edit pop-up, ensuring proper display and alignment within the interface.

  • Fixed the issue in the Audit Configuration section of the Intelligence View for Threat Detection Marketplace rules by correcting the placement of bulleted lists.

  • Resolved the issue with the Data Plane Name where special characters restricted by the SOC Prime Platform were not triggering validation errors. This led to failed creation attempts without notifying the user. The fix includes enhanced validation measures and proper notification alerts, ensuring users are informed if they attempt to create a Data Plane with invalid characters, preventing unsuccessful operations when clicking the Add button.

  • Resolved the issue where the Help Center menu was overlapping the Calendly pop-up triggered by the Schedule a Call button. The fix ensures that the modal window is properly displayed without interference from the Help Center menu.

  • Removed extra space at the Elevate Detection Engineering page on the SOC Prime website.

  • Resolved duplication issue while deploying detection content to Azure DevOps.

  • Resolved the parsing issue from Elasticsearch.

  • As part of content translation improvements, fixed the issue with specific Splunk queries, which were not converted by the Splunk parser.

  • Fixed the issue with the History page at Threat Detection Marketplace to ensure that tooltips are displayed properly.

  • Enhanced the automated translation of Roota rules into the Google SecOps native query format. This improvement includes the addition of corresponding fields that align with Google SecOps mapping.

  • Improved Carbon Black translation in Uncoder AI.

  • Resolved the issue with Sumo Logic detections, enabling them to be pulled from Inventory.

  • Made the following improvements affecting the content_management index and related to the Sumo Logic content:

    • Fixed a couple of issues with Sumo Logic content inventorization.

    • Resolved the issue where the Sumo Logic Inventory Job encountered a problem returning the content body.

  • Resolved the following Attack Detective issues on the Scan Results page:

    • Made UX improvements to the calendar pop-up and fixed the issue where a date outside the Scan period was available for selection.

    • Resolved the issue with the Select all checkbox, which did not trigger the selection of all detection content as expected before the fix.
