SOC Prime Platform Product Release Notes 6.1.8

Written by Nataliia Pukaliak

April 14, 2026

© 2026 SOC Prime Inc.

All rights reserved. This product and related documentation are protected by copyright and distributed under licenses restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without the prior written authorization of SOC Prime. While every precaution has been taken in the preparation of this book, SOC Prime assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.

New Alternative Translations


Coralogix

With the latest SOC Prime release, we’ve added an alternative translation ECS for Coralogix Alert and Coralogix Query. The ECS alternative translation can now be selected:

  • In the Data Schema dropdown in Uncoder AI when translating from Sigma.

  • In the Config dropdown on the Detection Code tab of a Detection Rule page.

  • In the Config dropdown on the Jobs page when creating or editing a job.

QRadar

We’ve added an alternative translation CEP Custom for QRadar Query. The CEP Custom alternative translation can now be selected:

  • In the Data Schema dropdown in Uncoder AI when translating from Sigma.

  • In the Config dropdown on the Detection Code tab of a Detection Rule page.

  • In the Config dropdown when selecting Scenario for the scan in Attack Detective.

Cookies Policy Update


With the latest release, we’ve implemented a cookie consent mechanism across all SOC Prime web properties to ensure compliance with GDPR and PECR requirements. Users can now accept or reject cookies via the consent banner, as well as manage their preferences. A dedicated Cookie Preferences panel allows users to view all cookie categories and customize their settings using toggle controls.

WIF Environment Type for Google SecOps


We have implemented a new WIF integration based on keyless authentication for Google SecOps. Following this update, a new option has been added to the Data Plane setup, allowing users to select the Cloud Chronicle API with WIF environment type, select where the Data Plane will be used, and configure the required parameters accordingly.

UI Enhancements


With the latest SOC Prime release, we’ve made significant improvements to the Platform UI to enhance clarity and usability.

  • Updated the Login/Registration page to include only supported SSO providers (Microsoft, Google, and Atlassian) and removed unsupported options.

  • Introduced a new design of a loading spinner across all platform components to improve visual consistency and modernize the UI.

  • Introduced a redesigned MITRE ATT&CK modal, accessible from the Detection Rule page, with improvements to layout.

Threat Detection Marketplace


Active Threats Updates

We’ve enhanced the Active Threats module by improving how detections are sorted. When opening an Active Threat details page and navigating to the Detections tab, detections across all sub-tabs (Behavior Rules, IOC Queries, and AI Rules) are now sorted by date, with the newest items displayed at the top.

Attack Detective


With the latest release, we’ve made visual improvements to the Scan and Data Audit PDF reports in Attack Detective to make them easier to read, navigate, and identify critical findings.

  • Enhanced sorting functionality in Scan PDF reports to make it easier to identify the most critical and most active detections. Detections are now sorted by severity level (Critical → Low) and within each severity level, by hit count, from highest to lowest.

  • To improve readability, we’ve added visual separators in Data Audit PDF reports, making it easier to distinguish between events.

Content Quality Improvements


We’ve introduced several improvements to ensure more accurate translations across certain platforms.

Elastic

To improve the quality of translations into the Elastic Stack Detection Rule (Lucene) format, we’ve ensured that the reference field is empty when there is no case id.

CrowdStrike

We’ve addressed the CrowdStrike keyword translation issue by enclosing keyword values in double quotes (").

Tanium

We’ve improved the quality of Tanium Query translations by improving the escaping of \\.

Key Bug Fixes and Improvements


  • Updated favicon on the SOC Prime Platform.

  • Excluded generation of IOC rules of the emails type from Active Threats and removed the existing IOC rules of the emails type.

  • Fixed an issue where sometimes the Source and Values fields configured in Custom Field Mapping were not applied for CrowdStrike Next-Gen Query.

  • Fixed an issue sometimes causing the Platform dropdown to freeze during Bulk Translate on the Repositories page.

  • Removed the limitation of displaying only 500 items when selecting Dynamic Content List for scans on the Custom Hunting Scenario page in Attack Detective. Now the full number of items from the Dynamic Content List is displayed.

  • Fixed issues in Active Threats search where changing the query sometimes incorrectly returned an empty state message and the search term was not properly displayed in the empty state message. Additionally, we’ve resolved an issue where the Clear Filters & Search button did not work on an empty Active Threats results page. It now clears the search and displays all Active Threats.

  • Improvements related to Uncoder AI:

    • Fixed an issue in the New mode where content in the editor was sometimes not recognized when running AI tasks after drilling down from the Detection Code tab of the Detection Rule page.

    • Resolved an issue where clicking the Revoke button in Uncoder AI sometimes incorrectly triggered the Publish this content? pop-up instead of the Rule successfully revoked message.

  • UI-related fixes:

    • Improved wording and text consistency in the Attack Detective Scan Setup and Two-Factor Authentication Setup pages.

    • Improved connector line behavior in Attack Flow by adjusting the line placement algorithm.

    • Fixed an issue in Uncoder AI where, in some cases, the side menu was partially cut off when viewing results of the Active Threats Search task.

    • Fixed an issue in Advanced Search where the Translate To button was sometimes not visible when selecting detections for bulk actions.

    • Resolved an issue where the underlines of the Generate, Translate, and Improve tabs in Uncoder AI were sometimes displayed incorrectly.

    • Adjusted zoom level for small Relation Graph on the Detection Rule page to improve visibility.

    • Fixed an issue where the Unlock all Premium rules option was displayed out of the dropdown borders on the Lists page.

    • Blocked action buttons in the three-dot menu for DEMO Audits in Attack Detective, and fixed an issue where the tooltip for those actions was sometimes incorrectly positioned.

  • Fixed an issue where sometimes queries were duplicated in Sumo Logic SIEM when deploying a rule from the Inventory page.

  • Updated SOC Prime Bias handling on the Active Threats module so that active threats without a defined bias now display () value instead of medium.

  • Fixed an issue where content of CSE Rules type for Sumo Logic sometimes was not deleted from the Inventory.

  • Fixed an issue where duplicate selection keys did not trigger an error during translation in Uncoder AI.

  • Updated the official legal documentation across all SOC Prime web resources to ensure compliance and consistency.