March 20, 2026
© 2026 SOC Prime Inc.
All rights reserved. This product and documentation related are protected by copyright and distributed under licenses restricting their use, copying, distribution, and decompilation. No part of this product or documentation related may be reproduced in any form or by any means without the prior written authorization of SOC Prime. While every precaution has been taken in the preparation of this book, SOC Prime assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.
CrowdStrike NextGen SIEM & Trend Vision One Support
With the latest release, we’ve added support for the CrowdStrike NextGen SIEM and Trend Vision One platforms, which are currently available for Threat Detection Marketplace and Uncoder AI functionality. The CrowdStrike NextGen SIEM and Trend Vision One platforms can now be selected:
In Expert Filters > Platform
On the Detection Code tab on the Detection Rule page
As a target language format for content translation in Uncoder AI
Detection content in the Trend Vision One format can be stored in a custom repository. Detection content in the CrowdStrike NextGen SIEM format can also be stored in a custom repository, with additional support for Custom Field Mapping, Filters, and Presets.
We have also restructured how Falcon LogScale is represented in the platform. Previously available as a standalone content type, Falcon LogScale is now included as part of CrowdStrike NextGen SIEM. As part of this update, the following content types have been renamed to align with the updated structure:
Falcon LogScale Query → CrowdStrike NextGen SIEM Falcon LogScale Query
Falcon LogScale Alert → CrowdStrike NextGen SIEM Falcon LogScale Alert
Email Notifications Update
As part of the latest release, we’ve improved email notifications to provide better visibility into system events and more flexibility in how notifications are received.
Data Plane Disconnection Notification
On the Accounts Settings > Email Notifications tab, users can now enable the Notify me on Data Plane disconnection toggle. When enabled, users are notified if a Data Plane loses connection. This helps ensure immediate visibility into issues affecting scheduled scans and reduces the need for manual investigation.
Notifications include:
Name of the disconnected Data Plane
Timestamp of when the issue was detected
Suggested remediation steps (when available)
Alternative Notification Email
On the Accounts Settings > Email Notifications tab, users can now add an alternative email address to receive operational system notifications and technical events. All notifications are also sent to the user’s primary email address.
On-Prem Splunk Data Plane Update
With the latest release, users who set up the Splunk platform with the on-prem environment type can now select the Quick Hunt and Automation options. SOC Prime users can now choose where the on-prem Splunk Data Plane will be used:
Quick Hunt and direct search from a Sigma rule page – To use the Data Plane for quick hunt, users must set the corresponding parameters.
Automation and direct deployment from a Sigma rule page – To deploy detection content to the On-Prem Splunk Data Plane, users must use the certified SOC Prime CCM App for Splunk - Optimized.
Threat Detection Marketplace
Active Threats Updates
With the latest SOC Prime release, we’ve made several improvements related to the Active Threats module.
Enhanced Active Threats Search
When users enter a query in the search bar, threat-related suggestions now appear with a dedicated threat icon. Selecting a suggested threat opens it in a new browser tab. This improvement helps users visually distinguish threat content from other content types and easily switch between tabs to view threat details alongside related content.
Deployment Status Visibility
A visual indicator has been added on the rule row on the Active Threat details page to show deployment status. Users can now quickly identify which detection rules from Active Threats are deployed and which are not without opening each detection rule individually.
Advanced Search Improvements
With the latest release, we’ve improved the Advanced Search performance. As part of this enhancement, we’ve improved the loading of Data Planes and Tenants when selecting them while marking detection content as deployed. Users can now continue interacting with the page during loading, resulting in a smoother experience.
DetectFlow Support Updates
This release introduces several changes to support DetectFlow.
DetectFlow Sync in Custom Repositories
We have introduced a new External Access section on the Create New Repository page, allowing custom repositories to connect and synchronize with external services. The section is available only for organizations that have access to DetectFlow. Users can now enable the Make available for DetectFlow toggle, which allows synchronization with their organization’s DetectFlow instance. With this toggle enabled, content updates made in DetectFlow are reflected on the TDM platform, and updates on the TDM platform are synchronized to DetectFlow.
Additionally, for improved visibility across the platform, repositories with this option enabled will follow a standardized naming convention: {repository name} (in DetectFlow).
Export Sigma Rules
Users can now export all Sigma rules from a custom repository to DetectFlow if access to DetectFlow is enabled for the organization. To export the rules, users must perform the following steps:
Navigate to CI/CD > Repositories.
On the needed repository record, click the three-dot menu and select Export All Sigmas.
Note: It is possible to run only one export operation at a time.
Company Website Updates
AlpenShield Customer Success Story
With the latest Platform release, we’ve published a new customer success story with AlpenShield, showcasing how the company leverages the SOC Prime Platform to accelerate detection engineering and reduce the effort required to build and maintain high-quality detection intelligence. By using the Platform as a core foundation, AlpenShield streamlines rule development and deployment, keeps detections current as threats evolve, and scales SOC enablement with minimal operational overhead.
Blog and News Update
With the latest SOC Prime release, we’ve restructured the Blog and News sections on the website, including updated URLs, refreshed article designs, and redirects to ensure seamless navigation. From now on, news articles will be published at a new URL structure: /blog/{name-of-the-news}.
As part of this update, we’ve improved navigation and usability by moving the News section from the main header menu to Resources > Blog, where it is now available under the News tab.
Other Website Updates
Additional improvements have been made to optimize website functionality and user experience:
Updated the website’s favicon for better visibility in the browser tab.
Renamed the Request a Demo button to View Intelligence and updated its URL in the header to reflect the user journey and improve navigation clarity.
Updated all product pages so that clicking the Request a Demo button now navigates directly to the form block within the same page.
Added the Download Datasheet button to the DetectFlow page, allowing users to download a comprehensive overview of the product, including its core capabilities, key features, architecture, as well as the value it delivers.
Content Quality Improvements
With this release, we’ve made the following enhancements to improve the quality of content translations across multiple SIEM, EDR, and Data Lake language formats:
Fixed an issue that sometimes caused errors in Trend Vision One translations by ensuring values are written with asterisks (*) and without brackets.
Added support for lists in the category parameter when translating to Microsoft Sentinel.
Key Bug Fixes & Improvements
Fixed an issue where content deployment could fail due to comments in JSON. To prevent this issue, we’ve improved how comments are handled and added JSON validation when users save translations to their Custom Repository in Uncoder AI.
Introduced a set of fixes and improvements to the deployment process, including issues in Elastic Stack, Google SecOps, and Sumo Logic.
Addressed various UI fixes to ensure a smoother and more consistent experience:
Adjusted padding for the Product Access blocks on the Add New API Key page.
Fixed an issue on the Advanced Search page where the Translate label’s icon and text were sometimes not aligned on the same row.
Resolved an issue where the Deployment Results pop-up on the History page sometimes displayed deployment details as encrypted.
Fixed an issue where the Relation Graph on the Detection Rule page sometimes failed to render.
Applied a range of fixes and improvements to the Inventory:
Added the ability to enable and disable content for Coralogix Alerts in Inventory.
Fixed an issue where the Inventory Job with Curated Rule Set content did not finish.
Resolved an issue where the History page link in the Content Deleted modal in Inventory could sometimes be incorrect.
Fixed an issue where, in some cases, the Check Connection functionality in the Coralogix Data Plane failed because of a permission issue.
Fixed an issue that sometimes caused a 500 error during reverse translation in Uncoder AI when Filters and Presets were applied.
Fixed an issue where Presets were sometimes not applied to Sumo Logic CSE rules.
Updated the Log Source Product dictionary.
Added the ability to open content in Uncoder AI via a dedicated link.
Improved Preset settings for Coralogix by changing the value for Priority P5 from ALERT_DEF_PRIORITY_P5 to ALERT_DEF_PRIORITY_P5_OR_UNSPECIFIED.
Attack Detective:
Updated ATT&CK Navigator for Content Audit to improve usability.
Removed the 500-item limit on the Add Custom Hunting Scenario page for Content List, allowing users to view all queries in a Dynamic Content List when selecting it for scanning.
