August 18, 2025
© 2025 SOC Prime Inc.
All rights reserved. This product and its related documentation are protected by copyright and distributed under licenses restricting their use, copying, distribution, and decompilation. No part of this product or its related documentation may be reproduced in any form or by any means without the prior written authorization of SOC Prime. While every precaution has been taken in the preparation of this book, SOC Prime assumes no responsibility for errors or omissions. This publication and the features described herein are subject to change without notice.
AI-Native Cybersecurity Workflow
SOC Prime’s release 6.0.0 focuses on delivering smarter, faster AI-native workflows for threat detection. Key enhancements include the following:
Uncoder AI, which now acts as the AI Chat Bot, giving users a fast, conversational way to handle end-to-end cybersecurity tasks.
Model Context Protocol Tools, providing a context-aware bridge between AI and real-world data sources.
MISP Integration, enabling an easy search for IOCs and CTI events on your MISP server with Uncoder acting as an agent.
Model Context Protocol Tools Support
With this release, we’ve added support for Model Context Protocol (MCP) tools that transform AI into a contextually aware cybersecurity co-pilot. MCP provides a framework for AI to understand instrumentation and make decisions grounded in the organization’s environment and threat landscape. MCP is an open standard that connects LLMs to diverse data sources and tools, similar to how USB-C links devices. This standard enables easier integration, vendor flexibility, pre-built connections, and secure data handling, supporting agents and complex LLM workflows.
With the MCP standard, Uncoder AI performs content-based searches by converting requests into keywords for metadata lookup. MCP ensures that AI functionality works intelligently, understanding user inputs and applying the right AI feature for the task.
MISP Integration
With this latest SOC Prime Platform release, we’ve introduced integration with MISP, an open-source threat intelligence platform (formerly known as the Malware Information Sharing Platform) that allows organizations to share, store, and correlate IOCs, malware samples, and other cybersecurity information.
To set up the MISP integration, SOC Prime users need to take the following steps:
Go to the Create New Integration page.
In the Profile Details section, fill out the profile details by choosing the profile name, selecting whether to share the profile across the company, and selecting MISP from the Select Integration drop-down options.
In the Configuration section, fill out the MISP URL and API Key fields.
Click Save Changes.
Note: The SSL verification toggle switch is enabled by default.
Once created, the Check Connection option is available for the new integration profile under the Status column on the Integrations page, as for other integrations. When editing the integration profile, users can see the details of the latest update and launch an update manually.
SOC Prime Attack Detective App for Microsoft Graph API Support
With the SOC Prime Platform release 6.0.0, we’ve added the SOC Prime Attack Detective App for Microsoft Graph API to the SOC Prime Platform. The SOC Prime Attack Detective App for Microsoft Graph API provides a secure bridge between Microsoft Defender for Endpoint and the SOC Prime Attack Detective platform, enabling automated threat hunting and security analysis.
Company Website Updates
As part of the latest release, we’ve implemented UX improvements to the SOC Prime website, more specifically:
Redesigned the SOC Prime blog pages and added breadcrumbs to improve user navigation.
Fixed specific post sections of related blog articles.
Updated the SOC Prime Platform Terms of Service page at https://my.socprime.com/tos/ to allow search engine indexing.
Threat Detection Marketplace
The SOC Prime Platform 6.0.0 release introduces significant enhancements to the Platform’s AI-native capabilities, designed to accelerate and simplify the way security teams explore, analyze, and respond to threats. This update leverages integrated intelligence, actionable insights, and advanced detection tools through the AI Chat Bot interface and Model Context Protocol (MCP), enabling streamlined, end-to-end detection pipelines.
A smarter AI-driven process now connects Active Threats and Uncoder AI, providing a fully integrated workflow for discovery, analysis, and response. With these improvements, security teams can make faster, more accurate operational decisions.
Continue reading to learn about the latest updates in Active Threats, or jump directly to the Uncoder AI section for details on new enhancements.
Active Threats
Improved Performance & Coverage
Active Threats now processes and aggregates a larger volume of threat intelligence streams, providing broader coverage and more actionable insights. Users can easily prioritize the most critical threats, quickly filter relevant events, operationalize the CTI, and detect attacks more efficiently.
Threat of the Month
With this release, Active Threats highlights Threat of the Month, selected by SOC Prime experts for its criticality and relevance. The item includes AI-generated summaries, related CTI, Attack Flow visuals, and detection rules. All this is available to SOC Prime Platform users for free, supporting faster prioritization and industry-wide expertise sharing.
AI-Powered Search
The upgraded Active Threats search lets users explore the latest threats in 200+ languages with AI-powered precision. It transforms natural language prompts into accurate filters for CTI, IOCs, and detection rules, delivering a summarized view of results, fusing threat intelligence from multiple sources.
To use the new AI-powered search across Active Threats:
Enter a natural language prompt in the Search bar at the top of the Active Threats page.
The Platform processes the user’s query, filters the relevant Active Threats news items, and generates a concise, aggregated plain-language summary of the matching results.
At the top of the feed, users will see the counts of matching Active Threats news items, SOC Prime Rules, IOC Queries, and AI Rules.
From the summary, users can seamlessly continue their investigation in Uncoder AI by pressing the Research in Uncoder button.
Other Improvements
With the latest Active Threats update, we have introduced a set of UI improvements to ensure the smoothest and most streamlined experience for SOC Prime Platform users:
Dashboards: Active Threats dashboards are now hidden by default. Users can reveal key metrics, including Threats Addressed, Top 3 Techniques Used, and Top 3 Active Actors, by selecting the View Dashboards button at the top of the Active Threats page.
Updated News Item Layout: Each Active Threats news item now features three tabs:
AI Summary: Provides an AI-generated overview.
Attack Flow: Displays Attack Flow visualizations in both Flow and Matrix views.
Detections: Contains sub-tabs for reviewing Behavioral Rules, IOC Queries, and AI Rules.
IOC Query Generation: The SOC Prime Platform now also generates IOC queries from email indicators, extending the existing list of supported indicator types and enabling faster investigation of potential threats.
Uncoder AI
This release enhances the Platform’s AI-native capabilities, delivering a fully integrated AI-driven workflow for threat detection. Explore the latest updates in Uncoder AI by reading further or go directly to Active Threats for new enhancements.
AI Chat Bot
The latest Uncoder AI update introduces a New AI Chat Bot mode, a dialog-based, user-friendly interface that lets users interact with Uncoder AI in plain language and perform detection engineering tasks end-to-end. The New mode is backed by MCP tools supporting complex LLM workflows and enabling AI to stay grounded in the user’s environment and threat landscape. The Classic mode also remains available, preserving the traditional Uncoder UI for users who prefer the original experience.
Note: The New AI Chat Bot mode is currently in Early Access, meaning that new features are being continuously added. Certain capabilities, like working with specific MCP tools and modifying AI-generated objects, e.g., Attack Flows, have only basic functionality that is regularly expanded.
Custom Prompt
The new AI Chat Bot interface allows users to enter prompts in natural language and perform a full range of detection engineering tasks end-to-end.
To execute the detection engineering task using a custom prompt, follow the steps below:
Enter your prompt in the dialog box at the bottom of the page.
Press the arrow button to submit it to Uncoder AI and view results in the box above the dialog.
Expand results by selecting the corresponding tiles; full details will appear in the right-hand panel, which also acts as a detection rule code editor.
Track your progress by pressing the History button at the top of the left-hand panel to review previous prompts.
Create a new chat by pressing the “+” button at the top of the left-hand panel.
AI Tasks
Alternatively, users can choose from pre-built AI tasks if they prefer a guided approach instead of interacting with the AI Chat Bot via custom prompts. In this release, the available AI tasks include:
Behavior Rule: Generate behavioral rules based on a threat report, description of malicious activity, or the user’s custom input.
Short Summary: Instantly translate complex queries into clear, exec-level summaries.
Full Summary: Gain instant, human-readable logic explanations for your rules/queries.
Attack Flow: Convert a threat report or a description of malicious activity into a visual Attack Flow diagram.
Search in Active Threats: Obtain detailed threat intelligence and detection rules by searching Active Threats with Uncoder AI. The search returns up to five of the most relevant and recent news items. Users can also search for detection content in the Threat Detection Marketplace, which also returns up to five of the most recent content items.
To initiate the AI task, users should follow the routine below:
Paste a threat report, detection code, or other relevant information into Uncoder AI. Alternatively, use the Detections button to search the Threat Detection Marketplace.
Select an AI task from the Task drop-down or the AI task list above the dialog box.
Press the arrow button to submit the prompt to Uncoder AI and view results in the section above the dialog box.
Expand results by selecting the corresponding tiles; full details will appear in the right-hand panel, which also acts as a detection rule code editor.
Use the History and Create New Chat buttons to track your progress or start from scratch.
Detection Rule Code Editor
The latest update brings detection rule code editing directly into the New mode of Uncoder AI. The left-hand panel now serves as a built-in editor where users can create rules from scratch or modify existing code. Detection logic can be tuned using AI tasks or custom prompts, with AI-generated suggestions displayed above the dialog box on the left. The adjustments can be instantly applied to the editor section on the right via the Replace or Copy buttons. Once finalized, rules can be saved to a custom repository or copied directly from the Uncoder UI.
Elastic ES|QL Query & Rule Support
With the latest release, we have introduced support for Elastic ES|QL Query and Elastic ES|QL Rule formats to Uncoder AI, ensuring proper aggregation.
Key Bug Fixes & Improvements
Resolved an issue where, in some cases, a failed Sigma translation did not display an error in Uncoder AI.
Fixed a layout issue on the main website page where the title overlapped the body content.
Resolved the issue with the broken Microsoft Sentinel YAML Rule structure after applying a Preset.
Made UX improvements to the Contact Us pop-up forms on the Why SOC Prime, About Us, and Partners website pages by fixing minor issues and customizing the forms.
