
SOC Prime Platform Product Release Notes 6.1.4

Written by Nataliia Pukaliak

January 15, 2026

© 2026 SOC Prime Inc.

All rights reserved. This product and documentation related are protected by copyright and distributed under licenses restricting their use, copying, distribution, and decompilation. No part of this product or documentation related may be reproduced in any form or by any means without the prior written authorization of SOC Prime. While every precaution has been taken in the preparation of this book, SOC Prime assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.

Platform Settings: Team Management Update


With this release, we’ve enhanced team management capabilities for managers. Users who have been invited but have not yet registered are now listed in Platform Settings > Team Management, with their email address, role, and the status Invited displayed. From this page, managers can also revoke invitations, which updates the status of the user to Invitation Revoked. When an invitation is revoked, the user is automatically notified via email.

Account Settings Update


With this release, we’ve enhanced email notifications on the Account Settings page by adding a new Notify me when SSO creates a new account toggle. Once it is turned on, the user will receive an email alert whenever a new user account is created via Single Sign-On.

Threat Detection Marketplace


Advanced Search Updates

With this latest SOC Prime Platform release, we’ve updated the Search Profiles in Platform Settings. The former Make Default toggle has been renamed to Default on Coverages, and a new Default on Search toggle has been added. With this update, users can mark the corresponding profile as Default on Search, so it is applied by default in Advanced Search for detection searches.

The default Search Profile is not applied to the Advanced Search in cases when navigating via drill-down from Dashboard, Leaderboards, Overview, or Active Threats. When navigating via drill-down from Log Source Coverage or MITRE ATT&CK Coverage, the detections are filtered based on the search profile selected on the Log Source Coverage or MITRE ATT&CK Coverage page.

We’ve added a new Detection Type filter in Advanced Search, helping users find relevant detections in the Platform Repos. Users can filter the detections by selecting the way they’ve been created:

  • Human-Written Behavior Rules. Detections created by human experts.

  • Auto-Generated IOC Queries. All IOC queries related to a particular threat or attack which are automatically generated using SOC Prime algorithms based on a threat report.

  • AI-Generated Rules. All detections created by SOC Prime AI models.

Active Threats API

With this release, we’ve introduced a new API endpoint, GET /active-threats/get-updates, that allows users to retrieve notifications about Active Threats news items based on user permissions. The date_start and date_end parameters should be used to specify the time range for retrieving Active Threats news items.

Uncoder AI


AIDEFEND Framework Support

With the 6.1.4 Platform release, we’ve expanded the list of AI Tasks available in the New Uncoder mode. We’ve introduced the AIDEFEND Framework, enabling users to discover defensive countermeasures to protect AI/ML systems from emerging threats. By using AIDEFEND directly via Uncoder, users can identify AI/ML security threats, select defense techniques, implement secure controls, and plan incident response. Powered by the Artificial Intelligence Defense Framework (AIDEFEND), it leverages 8 key MCP tools that are automatically selected based on user prompts to provide guidance for securing AI/ML systems.

Content Quality Improvement

With the latest SOC Prime Platform release, we’ve introduced an improvement for translation to the Elastic ES|QL platform. We’ve improved the quality of ES|QL translations by adding double escaping, with a double backslash (\\), for the . character.
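Why the second backslash matters for detection accuracy, shown as an added example (not SOC Prime's translator code): in ES|QL the backslash is an escape character both in string literals and in RLIKE patterns, so a literal dot must be written `\\.` or it acts as a wildcard. The example assumes the translated value ends up in an RLIKE pattern; the helper names, the field `dns.question.name`, and the sample values are constructed for illustration, and Python's `re` stands in for the ES|QL regex engine.

```python
import re

# Simplified set of characters the regex engine treats as operators (assumption).
REGEX_SPECIALS = set('.?+*|{}[]()"\\')

def regex_escape_literal(value: str) -> str:
    """Layer 1: make every character of `value` match only itself in a regex."""
    return "".join("\\" + c if c in REGEX_SPECIALS else c for c in value)

def esql_string_literal(text: str) -> str:
    """Layer 2: wrap text in a double-quoted ES|QL string literal.
    Each backslash is doubled because the string parser consumes one level."""
    return '"' + text.replace("\\", "\\\\").replace('"', '\\"') + '"'

def rlike_clause(field: str, value: str) -> str:
    """Build a WHERE fragment that matches `value` literally."""
    return f"{field} RLIKE {esql_string_literal(regex_escape_literal(value))}"

def decode_esql_literal(literal: str) -> str:
    """Simplified model of the string parser: strip the quotes and
    remove one level of backslash escaping."""
    return re.sub(r"\\(.)", lambda m: m.group(1), literal[1:-1])

def matches(literal: str, event_value: str) -> bool:
    """RLIKE is anchored to the whole value, so fullmatch models it."""
    return re.fullmatch(decode_esql_literal(literal), event_value) is not None

# Constructed sample values: the indicator and a lookalike that differs at the dot.
INDICATOR = "update.example.com"
LOOKALIKE = "updateXexample.com"

UNESCAPED = '"' + INDICATOR + '"'  # dot left as a regex wildcard
ESCAPED = esql_string_literal(regex_escape_literal(INDICATOR))

if __name__ == "__main__":
    print(rlike_clause("dns.question.name", INDICATOR))
    for name, lit in (("unescaped", UNESCAPED), ("double-escaped", ESCAPED)):
        print(name, lit,
              "indicator:", matches(lit, INDICATOR),
              "lookalike:", matches(lit, LOOKALIKE))
```

The unescaped pattern also matches the lookalike value, which is the kind of false positive the double escaping removes.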

Attack Detective


Google SecOps API Updates

With this release, we’ve introduced support for a new Google SecOps API, enabling the platform to retrieve event codes during data audits. This enhancement enables blind spot detection based on missing event codes and provides recommendations for event codes that are not currently collected.

In addition to this, we’ve implemented Assets and Accounts count during scans using the new Google SecOps API to improve visibility into coverage and potential blind spots.

PDF Report Generation

With the latest Attack Detective release, we’ve introduced infographic-style Attack Detective reports that provide a clear, comprehensive, visually structured summary of scan results, including spider charts, blind spots, triggered rules, recommendations, and a threat surface overview.

Users can now generate the reports as PDFs directly from multiple places in the interface, making reporting easier and more efficient.

The PDF report can be generated on the Scans > Investigations tab.

Additionally, the Scans page has been updated so that users can generate reports directly from a selected scan via the Scan Overview, Log Sources, and Scan Results tabs.

Once generated, reports can be quickly and easily downloaded from the Reports page, providing users with a comprehensive and visually informative overview.

Company Website Updates


Active Threats Section in Resources

With the latest release, we’ve enhanced Active Threats functionality on the SOC Prime website for a better user experience. To access the news feed, select Resources > Active Threats from the main website navigation.

We’ve made the following enhancements:

  • Introduced a workflow that automatically syncs Active Threats published on the SOC Prime Platform with the corresponding website section, ensuring users always stay up to date.

  • Added multiple languages to Active Threats. Besides English, users can now select Spanish, Portuguese, Japanese, German, Korean, Italian, or French and view items in these languages.

GoSecure Customer Success Story

With the latest Platform release, we’ve published a new customer success story with GoSecure, highlighting how SOC Prime helped accelerate detection workflows, improve translation accuracy, cut false positives by 30%, double hunt speed, and strengthen MXDR coverage.

Blog Update

With this release, we’ve enhanced the blog’s UI/UX to deliver a better experience for readers through a set of improvements, including a refined heading structure, multiple language availability, and enhanced visual structure and alignment.

Other Improvements

With this release, we’ve also improved breadcrumb navigation on the Active Threats page on desktop devices, so that titles of the active threats are fully visible and no longer get cut off.

Key Bug Fixes & Improvements


  • Fixed a UI issue that sometimes caused the Bulk Translation modal not to open when selecting the Bulk Translate option on the Repositories page.

  • Fixed an issue where the number of rules displayed in Active Threats was limited to 6.

  • Fixed an issue where, in some cases, the content deleted from the Inventory page was still displayed as Available for Update.

  • Improved Search in Splunk functionality, available from the Detection Code tab of the rule, to ensure a smooth and error-free user experience.

  • Resolved an issue where encoded content was displayed in the Edit modal on the Inventory page.

  • Resolved a UI issue where the crossed-eye icon was sometimes incorrectly displayed on the View button in the content list.

  • Related to Uncoder AI improvements:

    • Fixed an issue where MITRE ATT&CK tools were sometimes inconsistently displayed in Uncoder compared to the Intelligence tab of a rule in the Threat Detection Marketplace.

    • Fixed an issue where values on the Translate tab in the Settings window were incorrectly capitalized; they now display as defined on the Platform Settings page.

    • Fixed an issue where, on the Translate tab, the Settings button was not displayed when Roota was selected as the source language.

  • Related to Attack Detective improvements:

    • Enhanced the aggregation statement added to the Splunk query to ensure more accurate and relevant data is captured during the scans.

    • Investigated and resolved issues that, in some cases, caused scans for Google SecOps to fail to complete or to crash.

    • Fixed an issue where, in some cases, Custom Field Mapping was not applied to content.

    • Fixed an issue where, in some cases, Content Audit for Elastic did not work when the Data Plane was created using an API key.

    • Fixed an issue where sometimes blind spots for Splunk were not determined correctly.

    • Added the Blind spots option for the Chronicle Data Plane.

  • Improved the sign-up experience for users coming from blogs by automatically pre-filling the email field.

  • Fixed the Chronicle parser to ensure proper translation to the Sigma format.

  • Improved input validation in the New Uncoder mode for the AIDEFEND Framework task by disabling the Enter button until the text is entered.

  • For certain detections with the Query content type, translations into Rules were inadvertently generated in addition to queries. We've removed these translations since only the Query format can be recommended for these detections.

  • Resolved an issue that sometimes occurred during rule generation with AI and led to duplication of rule fields, breaking the rule structure.
