February 24, 2026
© 2026 SOC Prime Inc.
All rights reserved. This product and documentation related are protected by copyright and distributed under licenses restricting their use, copying, distribution, and decompilation. No part of this product or documentation related may be reproduced in any form or by any means without the prior written authorization of SOC Prime. While every precaution has been taken in the preparation of this book, SOC Prime assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.
Managing Curated Rule Sets in Google SecOps
With the latest SOC Prime release, we’ve enhanced the management of the Curated Rule Set type in Inventory for Google SecOps. Users now have the ability to separately enable or disable the Broad and Precise rule groups of the Curated Rule Sets in their Google SecOps instance. Additionally, we’ve implemented alerting for Curated Rule Sets to support Curated Rule Set management. These configurations can be set in the modal after selecting the Enable or Disable action in Inventory.
The Status column in Inventory now reflects the selected configuration:
P indicates that the Curated Rule Set is enabled as Precise
B indicates that the Curated Rule Set is enabled as Broad
Additionally, the naming pattern of Curated Rule Sets has been updated for the simplicity of identification. From now on, Curated Rule Sets will be displayed using the following format: {Curated Rule Set Category} - {Curated Rule Set Name}.
Threat Detection Marketplace
Bulk Fork Action Updates
With the latest SOC Prime release, we’ve enhanced the Fork to My Repo bulk action. On the Search page, users can now select all detection rules from their search results across all pages and fork them to their repos, making it easier to manage and organize large sets of rules. This feature is available according to the user’s subscription plan.
To fork all search results to the repos, users need to follow these steps:
Select at least one checkbox next to a rule to reveal the Select All Items button, then click it to select all rules.
Select Fork to My Repo and, in the modal, provide the following information:
Repository: Specify the repository to fork the rules to. If there isn’t enough free space in the selected repositories, the corresponding notification will appear.
Translation: Specify which translations to fork. You can select up to three platforms.
Note: Only the Fork to My Repo option is available for the Select All Items action.
Select Fork.
If the selection includes rules that are locked, the modal will display the number of available and locked rules. To fork only available rules, select Fork Available Only. To include Premium rules, select Unlock & Fork All.
Attack Detective
PDF Report Generation for Content and Data Audit Results
With the latest Attack Detective release, we’ve introduced infographic-style Attack Detective reports that provide a clear, comprehensive, visually structured summary of Data and Content Audit results, including spider charts, blind spots, and recommendations.
Users can now generate the reports as PDFs directly from multiple places in the interface, making reporting easier and more efficient.
The PDF report can be generated from the Audits page, which lists Data Audits and Content Audits, by clicking the three-dot menu for a specific audit and selecting Generate Report > Data Audit / Content Audit PDF.
Additionally, the Data Audit and Content Audit pages have been updated to allow users to generate PDF reports directly from the selected audit page by clicking the file icon > Data Audit / Content Audit PDF.
Once generated, reports can be quickly and easily downloaded from the Reports page, providing users with a comprehensive and visually informative overview.
Content Quality Improvements
With the latest release, we have introduced a set of improvements to ensure proper translation handling and avoid syntax errors:
Added full support for the contains modifier in Splunk XML queries to ensure consistent and accurate translation behavior.
Resolved an issue where missing parentheses in ArcSight queries could lead to incorrect behavior.
Resolved translation issues from Roota to Elastic query that caused errors.
Resolved an issue where, in some cases, comments in the source rules caused translation issues with Elastic EQL queries.
Fixed an issue where, in some cases, cross platform translations from IBM QRadar rules to Palo Alto XQL queries did not work correctly.
Fixed duplication of commented functions that are not supported during translation.
Fixed an issue where, for Sigma rules using CommandLine|contains|all or other fields with contains|all:, values placed after the colon were incorrectly split into individual characters during translation to a Devo query or to Microsoft Defender.
Improved QRadar translation behavior when field mapping is missing. The default translation uses UTF8(payload) ILIKE 'value', while in the alternative translation the value is taken from the Sigma field, using <fieldname_from_sigma> = 'value'.
Resolved an issue that sometimes occurred during translation from OpenSearch to Google SecOps rules.
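The contains|all fix above is a classic scalar-versus-list pitfall: a Sigma value written as a bare string is itself iterable, so a translator that loops over it emits one clause per character. The following is an added illustration, not SOC Prime code; the selection dict and the simplified Defender-style (KQL-like) rendering are assumptions made for the example.

```python
# Added example (not SOC Prime's code): normalise Sigma values under
# `contains|all` to a list before rendering, so a scalar string is never
# iterated character by character. The KQL-like output is a simplification.
from typing import Any, Dict, List

SAMPLE_SELECTION: Dict[str, Any] = {              # constructed Sigma selection
    "Image|endswith": "\\powershell.exe",
    "CommandLine|contains|all": "-enc",           # scalar value, not a YAML list
    "ParentImage|contains": ["winword", "excel"], # list value
}

def kql_string(value: Any) -> str:
    """Quote a value as a KQL string literal, escaping backslash and quote."""
    text = str(value).replace("\\", "\\\\").replace('"', '\\"')
    return f'"{text}"'

def values_as_list(value: Any) -> List[Any]:
    """Sigma allows a scalar or a list; always return a list."""
    if isinstance(value, (list, tuple)):
        return list(value)
    return [value]

def buggy_contains_all(field: str, value: Any) -> str:
    """The defective shape: iterating the raw value. For "-enc" this yields
    four `contains` clauses (one per character) instead of one."""
    return " and ".join(f"{field} contains {kql_string(v)}" for v in value)

def render_selection(selection: Dict[str, Any]) -> str:
    """Render a Sigma selection map as an AND of per-field clauses."""
    clauses = []
    for key, raw in selection.items():
        field, *modifiers = key.split("|")
        values = values_as_list(raw)
        if not values:
            raise ValueError(f"{key}: empty value list")
        if "contains" in modifiers:
            op = "contains"
        elif "endswith" in modifiers:
            op = "endswith"
        elif "startswith" in modifiers:
            op = "startswith"
        else:
            op = "=="
        # `all` means every value must match; otherwise any value matches.
        joiner = " and " if "all" in modifiers else " or "
        parts = [f"{field} {op} {kql_string(v)}" for v in values]
        clauses.append(parts[0] if len(parts) == 1 else "(" + joiner.join(parts) + ")")
    return " and ".join(clauses)
```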
Key Bug Fixes & Improvements
Updated the website homepage with multiple UI improvements, including renaming elements, opening links in new tabs, updating images, adding borders and shadows, and refining layout and hover effects.
Improved the Active Threats search so results appear faster and without delays, and summaries are displayed correctly.
Fixed an issue where, in some cases, encoded content was displayed in the Edit modal on the Inventory page. An error message is now shown if the content cannot be loaded.
Fixed an issue with Splunk Alert Template where the detection templates generated in TDM were missing key parameters required for proper alert triggering, which could result in false positives.
Resolved an error that, in some cases, occurred during translation to Roota.
Resolved an issue where, in some cases, for Splunk the default_log_source section in the mapping field was not working correctly for some log sources.
Fixed an issue where sometimes the Dynamic Content List wasn’t filtered by Author, which could result in a 500 Internal Server Error.
Fixed an issue where, in some cases, Sumo Logic rules failed to deploy to SIEM via Inventory.
Implemented the following improvements to bulk forking in Advanced Search to ensure a smoother user experience:
Fixes to address issues where some selected rules, in some cases, failed to fork.
After forking, users remain on the same page in Advanced Search, while previously selected checkboxes are cleared.
Fixed an issue where, in some cases, Data Plane options were not shown in the Create New Job window unless a Tenant was selected.
