© 2025 SOC Prime Inc.
Falco Rule Support
We’re continuously enriching the list of supported SIEM, EDR, and Data Lake platforms and multiple language formats. With this SOC Prime Platform release 5.15.0, we’ve added support for Falco Rule. The newly added content type is now supported in the Threat Detection Marketplace, Uncoder IO, and Uncoder AI. Detection content in the Falco Rule format can now be saved in custom repositories in the Threat Detection Marketplace.
Pricing Updates
With the latest release, we have introduced major changes to our SOC Prime Platform subscription plans by releasing a new Personal Access free plan that replaces the previous Community subscription and new Solo subscriptions for Threat Detection Marketplace and Uncoder AI.
Free Personal Access to Threat Detection Marketplace
Personal Access plan to Threat Detection Marketplace enables security engineers to sign up with their personal email, check out the latest active threats, explore open-source Sigma rules from a single place, find detections via Light Search, which fuses AI with a Lucene-powered engine for speed and precision, and use Uncoder AI—all within free access.
Note: SOC Prime Platform users on the free Personal Access plan will see a notification prompting them to upgrade if they attempt to access features beyond their subscription limit.
Solo Subscriptions for Individual Researchers
We have released new Solo subscriptions tailored for individual security experts available for instant purchase via Stripe as monthly or annual plans:
Threat Detection Marketplace Solo offers access to the global active threats feed, tailored threat intelligence, and an extensive library of Sigma rules to stay on top of attacks. Uncoder AI Solo subscription is included.
Uncoder AI Solo provides access to the private IDE & co-pilot for daily detection engineering tasks. Previously exclusive to corporate clients, its full capabilities are now available for individual researchers, including:
Unlimited number of cross-platform translations
All syntax and logic checks by Warden
IOC parsing (up to 10,000 IOCs)
Unlimited IOC-query generation
Advanced IOC-based query generation settings
The Pricing page at https://my.socprime.com/pricing and at https://tdm.socprime.com/journey/ now offers the ability to switch between the tabs with three offerings, including Individual, Corporate, and Service.
Individual: Includes Free and Solo plans for advanced threat detection and detection engineering (Threat Detection Marketplace and Uncoder AI). For Solo subscriptions, users can choose between monthly or annual plans.
Corporate: Includes Free and Enterprise access to the complete SOC Prime product suite (Threat Detection Marketplace, Uncoder AI, and Attack Detective).
Note: The Enterprise subscription for Threat Detection Marketplace includes Uncoder AI and vice versa – Uncoder AI Enterprise includes Threat Detection Marketplace.
Service: Includes Detection Engineering and Threat Hunting offerings with the ability to switch between the plan for Enterprise (selected by default) or the subscription tailored for the MSSP & MDR providers:
For Enterprise
Detection Engineering: Offers top-tier rules, tools, and intelligence for enterprise-grade threat detection, delivered quickly and without the delays of traditional procurement.
Threat Hunting: Offers data-driven threat hunting with anonymized SIEM configurations, advanced MITRE ATT&CK mapping, all within a Zero Trust framework and without operational delays.
For MSSP & MDR
Detection Engineering: Offers service-oriented tools, rules, and intelligence for advanced detection engineering, designed for rapid implementation and client success.
Threat Hunting: Offers multi-tenant threat hunting using a data-driven approach and advanced MITRE ATT&CK mapping, all within a Zero Trust framework and without operational delays.
After purchasing one of the plans, SOC Prime users will see a success pop-up confirming the subscription upgrade and its subsequent activation.
As part of these updates, we’ve also made the following changes for the new look and feel of the Pricing page so it can reflect the latest subscriptions to SOC Prime Platform in the most intuitive fashion:
Returned the Uncoder AI tab
Removed the toggle switch For Individuals / For Organizations from the Uncoder AI tab
Manage Subscription
As part of the pricing changes, we’ve also added the CTA for seamless subscription management:
Manage Subscription link on the Individual tab when choosing the Solo plan for both Threat Detection Marketplace and Uncoder AI (at https://my.socprime.com/pricing and https://tdm.socprime.com/journey/). The link is available for monthly and annual plans.
Manage Personal Membership button on the Account Settings > Subscriptions in SOC Prime Platform.
SOC Prime Platform Navigation Updates
The header layout on the SOC Prime Platform has been updated for improved navigation and user experience:
Product List: The product list is now always expanded. The selected product is highlighted, while unselected products are dimmed, making it easier to identify the active product in use.
Upgrade Button: If the user doesn’t have an Enterprise subscription to the selected product, they can click the Upgrade button next to the logo, which redirects them to the pricing page.
Subscription Name: For users with non-Enterprise subscriptions, the current subscription name is displayed, giving clear visibility of the user's plan.
Company Website Updates
Homepage Updates
With this latest release, we’ve updated the UI of the main company page at https://socprime.com/ by adding a block to the first screen notifying defenders of the release of Personal Access to SOC Prime Platform as part of subscription plan updates. New users can now instantly sign up for SOC Prime Platform for free via the corresponding button from this block.
Also, we’ve improved the website page performance according to Google PageSpeed and added one heading and a couple of subheadings for certain sections as part of SEO enhancements.
News Category on the Main Website Navigation
We’ve added the News menu item with the subtitle “Headlines in cyberspace” to the website's main navigation to help SOC Prime users easily find our latest updates and keep up with current cybersecurity trends. The newly added menu item is located under the Resources tab.
New Webinars on the Events Page
In view of two upcoming online events, we have added the following webinars to the Events page, which lead to the corresponding registration pages:
Joint SOC Prime and Carahsoft webinar “The SOC of the Future: Advanced Strategies to Evolve SOC for Modern-Day Enterprise Cybersecurity”
Bi-lingual webinar “Next-Gen SOC: Innovations & Best Practices for Enterprise Security”, which is designed for both English- and German-speaking audiences
Other UX Improvements
As part of the website updates for an improved user experience, we’ve made changes to the image functionality on the SOC Prime blog, more specifically, we’ve added the ability to:
Preview images and enlarge them by clicking the corresponding one
Publish images in a row for blog posts so users can click to see enlarged images in a gallery
Uncoder IO Updates
With this latest release, we’ve updated the landing page content with UI changes to reflect the latest product changes.
GitHub Synchronization Improvements
We have improved GitHub synchronization for detection content by adding new source GitHub repositories. These repositories are now available for selection through a dedicated drop-down list to view the content. Previously, all GitHub sources were grouped under the Community repository.
Also, as part of these updates, when synchronizing Microsoft Sentinel content from GitHub, if a content item lacks the suppressionEnabled field, it is automatically set to false during synchronization.
Threat Detection Marketplace
Content View Button Behavior Update
We have introduced a set of improvements to the View button functionality on the Light Search and Active Threats pages:
If the content is available to the user, clicking View opens Uncoder AI in a new browser tab with the corresponding content already loaded.
If the content is not available to the user, a tooltip appears indicating the content access limitation and offering the option to upgrade the subscription.
Active Threats
The latest SOC Prime Platform release introduces significant enhancements to the Active Threats page, which has officially moved out of BETA. This release includes a title update from Emerging Threats to Active Threats, better aligning with its objective of delivering actionable and timely updates on trending cyber threats.
IOC Queries
Also, in the course of this release, we have introduced new IOC Queries functionality, shown as an additional tab in the threat description. This tab provides IOC queries that Uncoder AI generates automatically when the rule has relevant references: the referenced threat intel source is parsed, the extracted IOCs are separated by type (domains, hashes, URLs, IPs), and the result is converted into an IOC-based Sigma rule. By hovering over the corresponding rule, you can find a link that leads to the external reference.
To explore the selected IOC details, click the View button, and you will be redirected to the query page with the following tabs:
Intelligence: Provides threat intel and relevant metadata, including media links, threat timeline, audit configuration and triage recommendations, false positives, and MITRE ATT&CK coverage data.
Code: Displays the query code convertible to the available SIEM, EDR, and Data Lake language format to further run a query in your environment.
Other Improvements
Additionally, SOC Prime Platform now contains a separate Platform repository aggregating all IOC queries autogenerated by Uncoder AI. Choose the Active Threats IOCs repo from the drop-down list to review all related detection content.
Also, as part of the release of IOC queries auto-generated by Uncoder AI, we've excluded the following IPs, which frequently appear in threat reports (for example, as public DNS resolvers) without being indicators of compromise:
1.1.1.1
1.0.0.1
2.2.2.2
8.8.8.8
8.8.4.4
9.9.9.9
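The pipeline described above (parse a referenced write-up, split the IOCs by type, drop the noise IPs listed here and private ranges, emit an IOC-based Sigma rule) as an added example. This is illustrative code, not SOC Prime's or Uncoder AI's implementation; the report text, the excluded-network list, the Sigma field names and the logsource are assumptions chosen for the example.

```python
# Added example (not SOC Prime code): parse a threat-intel reference into typed
# IOCs, drop noise and non-routable IPs, and build an IOC-based Sigma rule.
import ipaddress
import json
import re

# Constructed sample report text, defanged the way most write-ups are. Not a real advisory.
SAMPLE_REPORT = """
The loader beacons to hxxp://cdn-update[.]example[.]net/dl/payload.bin and
resolves c2.example-bad[.]org. Observed C2 servers: 203.0.113.45, 198.51.100.7,
8.8.8.8 (DNS lookup), 10.0.0.5 (internal pivot). Payload SHA256:
3a7bd3e2360a3d29eea436fcfb7e44c735d117c42d1c1835420b6b9942dd4f1b, dropper MD5:
d41d8cd98f00b204e9800998ecf8427e. Sandbox wrote C:\\Temp\\stage2.exe.
"""

# IPs that show up in reports without being indicators (the list from the release notes).
NOISE_IPS = {"1.1.1.1", "1.0.0.1", "2.2.2.2", "8.8.8.8", "8.8.4.4", "9.9.9.9"}

# Assumed exclusion list: RFC 1918, loopback, link-local, CGNAT, multicast, reserved.
# RFC 5737 documentation ranges are intentionally NOT excluded so the sample yields hits;
# add them in production.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]

# File names like stage2.exe match the domain pattern; skip these pseudo-TLDs.
FILE_EXT = {"exe", "dll", "bin", "ps1", "txt", "zip", "doc", "docx", "pdf", "js"}

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HASH_RE = re.compile(r"\b[a-fA-F0-9]{64}\b|\b[a-fA-F0-9]{40}\b|\b[a-fA-F0-9]{32}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}\b", re.I)


def refang(text: str) -> str:
    """Undo the common defanging conventions so the regexes see real IOCs."""
    text = re.sub(r"hxxp", "http", text, flags=re.I)
    return text.replace("[.]", ".").replace("(.)", ".").replace("[dot]", ".")


def is_actionable_ip(ip_str: str) -> bool:
    """True for a syntactically valid IP that is neither noise nor non-routable."""
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return False
    if ip_str in NOISE_IPS:
        return False
    return not any(ip in net for net in NON_ROUTABLE)


def extract_iocs(report: str) -> dict:
    """Return IOCs grouped by type, sorted and de-duplicated."""
    text = refang(report)
    urls = set(URL_RE.findall(text))
    for url in urls:                       # so URL hosts are not double-counted as domains
        text = text.replace(url, " ")
    hashes = {h.lower() for h in HASH_RE.findall(text)}
    ips = {ip for ip in IP_RE.findall(text) if is_actionable_ip(ip)}
    domains = {d.lower() for d in DOMAIN_RE.findall(text)
               if d.rsplit(".", 1)[-1].lower() not in FILE_EXT}
    return {"urls": sorted(urls), "domains": sorted(domains),
            "ips": sorted(ips), "hashes": sorted(hashes)}


def build_sigma_rule(title: str, iocs: dict, reference: str) -> dict:
    """Assemble a Sigma rule dict with one selection per IOC type present.

    Field names and the single generic logsource are assumptions for illustration;
    a production rule would be split per log source (proxy, DNS, process creation).
    """
    detection = {}
    if iocs["ips"]:
        detection["selection_ip"] = {"DestinationIp": iocs["ips"]}
    if iocs["domains"]:
        detection["selection_domain"] = {"DestinationHostname": iocs["domains"]}
    if iocs["urls"]:
        detection["selection_url"] = {"Url|contains": iocs["urls"]}
    if iocs["hashes"]:
        detection["selection_hash"] = {"Hashes|contains": iocs["hashes"]}
    if not detection:
        raise ValueError("no actionable IOCs found in the reference")
    detection["condition"] = "1 of selection_*"
    return {
        "title": title,
        "status": "experimental",
        "description": "IOC-based rule generated from a threat report reference (constructed example)",
        "references": [reference],
        "logsource": {"product": "windows"},
        "detection": detection,
        "falsepositives": ["Shared infrastructure listed in the report"],
        "level": "high",
    }


if __name__ == "__main__":
    rule = build_sigma_rule("Constructed loader IOCs", extract_iocs(SAMPLE_REPORT),
                            "https://example.invalid/report")   # assumed reference URL
    print(json.dumps(rule, indent=2))   # JSON is valid YAML 1.2, so this loads as a Sigma rule
```

Running the script prints a rule whose IP selection contains only 203.0.113.45 and 198.51.100.7: 8.8.8.8 is dropped as noise and 10.0.0.5 as RFC 1918, while stage2.exe is kept out of the domain list by the file-extension check.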
The AI Summary functionality has been also enhanced to provide more accurate alignment with source content, including improved extraction and summarization of MITRE ATT&CK® Techniques, CVEs, and Actor information.
Light Search
With the latest release, we have introduced significant improvements to the Light Search page, which now serves as the new Threat Detection Marketplace homepage. Light Search gives SOC Prime clients a broad range of options to customize their search and make it as precise as possible:
Repositories: Users can choose which repositories to search across from the Repositories drop-down list, and can easily switch between Platform Repos and My Repos.
Suggester: We have introduced a suggestion feature in Light Search providing a simpler, keyword-driven experience by offering relevant suggestions as users type, improving search efficiency, and helping users quickly find what they are looking for.
Other Improvements
Add to List Functionality Improvement
With this latest release, we have introduced a major update for the Add to List button, including enhanced functionality and UI improvement. Specifically, in the Add to List pop-up, accessible both from the rule page and via the Add to List bulk action, users can now access:
Search Bar: A search functionality has been added to the pop-up, allowing users to search lists by name.
Sort By Selector: A drop-down has been added offering the sorting options "Name" and "Updated". The default is "Updated", which shows the most recently updated lists first.
Number of Selected Lists: The pop-up now displays the number of lists selected, providing users with clearer visibility and control.
Notably, the limit on content lists per company has been raised to 1000, offering more flexibility in content management. The API now supports retrieving up to 1000 techniques, up from the previous limit of 50.
Top-Rated Alerts Tab on the Overview Page
In the latest update, we have aligned the date display across the Threat Detection Marketplace Overview and Search pages. To ensure consistency, the release date will now be replaced with the updated date on the Top-Rated Alerts tab of the Overview page. Additionally, this change will be applied to other tabs on the Overview page.
Inventory Page Improvements
A tooltip displaying the full value has been added to the options in the Type drop-down on the Inventory page. This enhancement helps users view the complete details of each option, improving clarity and usability.
We have also improved the Jobs functionality to streamline the process of deploying rules to AzureDevOps or GitHub, ensuring a smoother experience for our users.
Unlock Content in Bulk Before Forking
With this latest release, we’ve added the ability to unlock Premium detection content in bulk before forking it. Now when forking locked content to a repository, the corresponding content will be automatically unlocked.
Uncoder AI
With the latest SOC Prime Platform release, we have introduced the following updates to Uncoder AI to ensure enhanced user experience for our clients:
As part of switching to YARA-L 2.0, we added support for aggregation functions when translating detection content from Sigma to Chronicle.
Added a new repository Active Threats IOCs to Uncoder AI.
Key Bug Fixes & Improvements
Updated the button text on the Code tab of each rule page within SOC Prime Platform to "Translate with Uncoder AI."
Resolved the issue in Custom Field Mapping to ensure long values in "Other Fields & Values" now occupy the full length of the field as intended.
Resolved issues with environment sharing and ownership to ensure only the creator can modify the Share to Company option, and the environment owner ID remains unchanged after edits by other users.
Resolved inconsistent time display issues in content items within Threat Detection Marketplace to ensure "Released" and "Updated" dates are now displayed consistently.
Fixed the logo slider behavior on the Why SOC Prime page of the website to eliminate empty space at the end.
Fixed the issue where Log Source changes and sorting options were not retained after navigating to the Choose Hunting Scenarios page and returning.
Fixed the UI issue on the Data Audit page where long "Check Connection" error messages were cropped improperly.
Improved error handling on the Light Search OpenAI GPT tab.
Standardized the format for presenting both New and Current content in the Update Content window on the Inventory page for Microsoft Sentinel.
Resolved the “x_content_parse_exception” error that sometimes occurred when deploying certain content from Inventory to Elastic Cloud.
Improved Splunk field mapping for better translation quality.
Resolved the issue with Uncoder AI “private/reserved IP address exclusion/inclusion” not working correctly.
Resolved issue where “Add 1 file” content records were incorrectly displayed in Azure DevOps and GitHub integrations after deploying content to the repo.
Corrected the formatting issue for Microsoft Sentinel rules in some cases pulled into Azure DevOps Inventory.
Improved content recognition in Azure DevOps Repo integration — now all supported content types, including Microsoft Sentinel Query, Elastic Detection Rules (Lucene and EQL), Elastic Watcher, and Elastic SavedSearch, are correctly pulled into Inventory.
Resolved the issue where Elastic EQL Rule was in some cases incorrectly identified as a Lucene Rule during Azure DevOps Inventory.
Resolved a Standard Mode button issue in Uncoder AI, which was sometimes missing when Supercharge mode was enabled.
Improved UI for the Pricing page on the website to ensure proper layout and functionality across different screen sizes.
Resolved a RunTime error that sometimes occurred when deploying content via Integration in Azure DevOps.
Resolved the issue in the Supercharge mode of Uncoder AI where some field values were left blank in some cases. These fields now correctly display their values as expected.
Resolved a 400 error that sometimes occurred when pushing content directly to the source branch in Azure DevOps Repo.
Fixed detection logic translation for Sigma rules with “CommandLine|contains|all” condition when converted to Microsoft Sentinel.
Fixed the custom field mapping issue with Microsoft Defender for Endpoint. Now, when the user clicks Search on the rule page and is redirected to Quick Hunt, the appropriate mapping profile is applied.
Resolved logging issues related to bulk content translation if the source platform doesn’t exist.
Resolved the issue with a user being in some cases redirected to https://my.socprime.com after logging into SOC Prime Platform.
Fixed the issue on the Create New Preset Profile page where clicking the Index or Tags fields displayed an empty drop-down list.
Resolved the 500 Internal Server Error related to the /v1/ccm/content-list/{id} API endpoint.
