Every user of the SOC Prime Platform can publish detection content in the Community repository to share it with the community, driving collaborative cybersecurity. All other users of the SOC Prime Platform can access and utilize such content without any restrictions. Additionally, you can easily share the link to the published content item's page via X, LinkedIn, or direct message.
When publishing rules/queries, please always comply with SOC Prime Platform Terms of Service and respect intellectual property laws, your organisation's restrictions on sharing detection content, and any other applicable rules.
How to Publish and Share Content
Once you've written a detection rule/query or generated it with AI, click the Publish button in Uncoder AI.
If the rule/query has not been saved:
Ensure the content name is provided. It can be parsed from rules, but for queries you need to define it manually.
Ensure the platform has been recognized correctly. If not, select the right platform from the dropdown.
Select a custom repository to save the content item to. To be published, a content item has to be saved to a custom repository.
If the rule/query has been saved, just click Publish in the modal that appears. You can set the Don't show again checkbox to skip this modal during the current session and publish the saved rules/queries in one click.
Once the rule/query has been published, a modal appears where you can:
Share the link to the published rule/query's page on LinkedIn
Share the link to the published rule/query's page on X
Copy the link to the published rule/query's page
View the published rule/query's page in the Community repository on Threat Detection Marketplace
You can always share the published rule/query later using the Share button:
In Uncoder AI
In Threat Detection Marketplace
Alternatively, you can publish content:
Right at the time of saving it in Uncoder AI. To do it, select Save & Publish after clicking the Save button
Once the content is saved, from its page in Threat Detection Marketplace. To do it, click Publish
Notes:
To create a custom repository, just save your first rule/query in Uncoder AI
If a Sigma rule is published, we automatically translate it to all possible platforms and save translations together with the Sigma rule
If you publish a rule/query that already has translations saved together with it as one group, all translations inside that group are published
Users with an Enterprise-level subscription can publish content saved in their own or shared custom repositories. In this case, the owner of the repository can revoke the published rule/query
If you update the version of the rule/query saved in your custom repository, the updates are automatically propagated to its published version
If you delete the version of the rule/query saved in your custom repository, its published version is NOT deleted. To remove it from the Community repository, revoke it
How to Revoke Published Content
To revoke a published rule/query, open it and click the Revoke button:
In Uncoder AI
In Threat Detection Marketplace
Notes:
The Revoke button is displayed both on the published rule/query and on its version saved in your custom repository
If you've published a rule/query saved in a shared custom repository that was created by another user from your team, the user who created this custom repository will also be able to revoke the rule/query
If a rule/query is revoked, it is removed from the Community repository and becomes unavailable to anyone. However, its version saved in your custom repository stays intact. You can publish this version again.
How to View Published Content
All published content is available in the Community repository. To access it, click the Community tab:
In Threat Detection Marketplace's Search
In Uncoder AI's Search
To only view rules published by you, click the Published by me option in the Authors filter.