February 6, 2026
© 2026 SOC Prime Inc.
All rights reserved. This product and documentation related are protected by copyright and distributed under licenses restricting their use, copying, distribution, and decompilation. No part of this product or documentation related may be reproduced in any form or by any means without the prior written authorization of SOC Prime. While every precaution has been taken in the preparation of this book, SOC Prime assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.
MCP Server & MCP Token
SOC Prime Platform release 6.1.5 introduces new functionality that allows users to connect their AI agents and solutions to SOC Prime Platform's public MCP server using secure, token-based authentication. This enhancement provides access to SOC Prime Platform capabilities via MCP tools, allowing users to retrieve detailed information about a specific content item by its ID, as well as the AI-generated rule’s metadata, including a short summary, full summary, and decision tree.
Users can interact with the MCP Server by sending requests to the /mcp endpoint using get_content_data and search_content tools. To learn how to communicate with the MCP Server and retrieve data, follow this guide.
To use the MCP Server, users must generate an MCP Token, which grants access to the detection content available under their organization’s subscription. This can be done by following the steps below:
Go to Account icon > Platform Settings > MCP Tokens and select Add New MCP Token.
In the modal window provide the following information:
Name of MCP token
Expiration date
IPs that are authorized to make requests to the MCP server
Select Generate.
When the MCP Token Generated modal appears, copy the generated token and save it.
Threat Detection Marketplace
Comments for Custom Content
With the latest Platform release, SOC Prime users can leave comments on content from Custom Repository using the Comments section at the bottom of the Detection Intelligence and Detection Code tabs. The comments are visible to users in your organization. With the implementation of this feature, users can:
Leave a comment on a certain detection
Edit and delete a comment
Mention other users; mentioned users will receive an email notification
Reply to the comment in a thread
This enhancement makes it easier to share feedback and makes collaboration around detection content more transparent and efficient.
Uncoder AI
Carbon Black Translation Support
We’ve expanded Uncoder’s translation capabilities to support translating detection content from Carbon Black to other platforms, including Roota and Splunk. Users can now select Carbon Black as the source platform and translate content to supported target platforms.
Attack Detective
Scan Results Update
As part of the latest release, we’ve enhanced the user experience for scan results in Attack Detective. Users can now open each query that hit during the scan directly in the Threat Detection Marketplace. We’ve added the Open in TDM button to each query tile, allowing users to be redirected to the detection page in TDM, where they can seamlessly navigate between the Detection Intelligence and Detection Code tabs.
Blind Spots Update in Data Audit
With the latest release, we’ve optimized the Blind Spots view in Data Audits for improved efficiency and usability. In addition to the existing views, users can now view blind spots in the Index/Table view by simply selecting this option from the dropdown.
One more update has been implemented for the Logsource view of the blind spots. The Logsource view now includes an Indices/Tables section for each missing event.
Company Website Updates
Landing Pages Updates
With the latest SOC Prime release, we’ve refreshed the landing pages for Threat Detection Marketplace, Uncoder AI, and Attack Detective to make them more informative and user-friendly. The updated pages help users better understand our products’ value, explore key functionalities, and quickly find the information needed to make informed decisions.
Other Website Improvements
As part of the latest release, we’ve implemented a set of UX improvements to the SOC Prime website, in particular:
Refreshed the blog articles layout to improve readability and overall visual consistency.
Updated the Latest Threats category name to CVEs across the platform, including URL updates on all related pages, to ensure clearer naming and consistent navigation.
Updated the Request a Demo page to enhance usability, making it easier and more convenient for users to submit requests for personalized demos.
Active Threats now supports the Ukrainian language, enabling users to view news items in Ukrainian.
Added author and article schemas to blog articles to improve content structure.
Improved the UX of the Attack Flow diagrams on Active Threats by fixing an issue where, in some cases, blocks were not properly located and the AND connector was not displaying correctly.
Content Quality Improvements
We are continuously working on enhancing the quality of the detection content translations to ensure a smooth and error-free user experience. With the SOC Prime Platform release 6.1.5, we’ve introduced several improvements for translations:
Fixed issues with missing fields during translation to Elastic ocsf, ensuring reliable detection results.
Improved the translation in QRadar where single quotes (') were causing the translation issues; they are now substituted with double quotes (").
Improved error handling during translation from Google SecOps to Sigma, replacing generic Service connection error with clear and understandable error messages.
Improved Sigma generation for IOC queries by handling cases where unsupported characters could sometimes cause errors.
Key Bug Fixes & Improvements
Improved AI rules tagging, ensuring all techniques are correctly added as tags to the rules.
Fixed an issue in the translation process where, in some cases, Generation Error occurred when translating from certain platforms.
Fixed a minor UX issue where an error snackbar briefly flashed green before closing on the Data Plane page.
Fixed an issue with the Get /active-threats/get-updates API endpoint where, in some cases, it returned 404 error when users were retrieving notifications about Active Threats news items.
Fixed an issue where sometimes not all content was added to the Dynamic Content List when it was created using the Author filter.
