June 18, 2026
© 2026 SOC Prime Inc.
All rights reserved. This product and its related documentation are protected by copyright and distributed under licenses restricting their use, copying, distribution, and decompilation. No part of this product or its related documentation may be reproduced in any form or by any means without the prior written authorization of SOC Prime. While every precaution has been taken in the preparation of this book, SOC Prime assumes no responsibility for errors or omissions. This publication and the features described herein are subject to change without notice.
Threat Detection Marketplace
GitHub Integration: Elastic Query (DSL) Support
Added support for the Elastic Query (DSL) content format in the GitHub integration. Users can now select this content type for the Elastic platform in the following locations across the SOC Prime Platform:
In the Content Platform dropdown when configuring a GitHub integration
In the Type dropdown on the Inventory page
In the Content Type dropdown when creating or editing a job
Level Blue USM Query Support
We're constantly expanding support for SIEM, EDR/XDR, and Data Lake platforms, along with various language formats. With the latest SOC Prime Platform release, we've introduced support for the Level Blue USM Query (SQL) format. This content type is now available for the following Platform functionality:
In Expert Filters > Platform on the Search page
On the Detection Rule page on the Detection Code tab
As a target language format for content translation in Uncoder AI
User Activity Export in Team Management
With this release, we’ve added the ability for users with the Manager role to export the activity log of team members as a CSV file. Logged events include logins, content downloads, and content translations via Uncoder AI. This option is available on the Team Management page via the three-dot menu by selecting Export Activity.
Microsoft Sentinel Filter Updates
Introduced support for query filters in Microsoft Sentinel by adding Prepend and Append options, allowing users to insert KQL statements, operators, and expressions before or after the base query without manually managing the full query syntax. Both options are available when creating a filter.
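The following is an added illustration of how a Prepend/Append filter composes with a base KQL query; it is example code written for this page, not SOC Prime Platform code, and the KqlFilter class, the compose_kql helper, and its validation rules are assumptions made for the example. The base query and filter fragments are constructed sample input.

```python
"""Illustration (not SOC Prime Platform code) of how Prepend/Append fragments
combine with a base Microsoft Sentinel KQL query. The KqlFilter name and the
validation rules below are assumptions made for this example."""
from dataclasses import dataclass


@dataclass
class KqlFilter:
    prepend: str = ""  # statement(s) placed before the base query, e.g. a `let` binding
    append: str = ""   # tabular operators placed after the base query, e.g. `| where ...`


def compose_kql(base_query: str, flt: KqlFilter) -> str:
    """Return prepend, base and append joined on newlines, with light checks.

    KQL evaluates a query as zero or more ';'-terminated statements followed by
    one tabular expression, so a prepended fragment must end with ';' and an
    appended fragment must continue the pipeline with '|'.
    """
    base = base_query.strip()
    if not base:
        raise ValueError("base query must not be empty")

    parts = []
    pre = flt.prepend.strip()
    if pre:
        if not pre.endswith(";"):
            raise ValueError("prepend fragment must be a ';'-terminated statement")
        parts.append(pre)

    body = base
    app = flt.append.strip()
    if app:
        if not app.startswith("|"):
            app = "| " + app  # normalise "where ..." to "| where ..."
        body = f"{base}\n{app}"
    parts.append(body)
    return "\n".join(parts)


# Constructed sample: a base detection query plus a filter that narrows the
# time window and aggregates per host without editing the base query itself.
BASE_QUERY = 'SecurityEvent | where EventID == 4688 | where CommandLine has "powershell"'
SAMPLE_FILTER = KqlFilter(
    prepend="let lookback = 7d;",
    append="| where TimeGenerated > ago(lookback) | summarize hits = count() by Computer",
)


def example_query() -> str:
    """Compose the constructed sample above into a runnable KQL query."""
    return compose_kql(BASE_QUERY, SAMPLE_FILTER)


if __name__ == "__main__":
    print(example_query())
```

The point of the checks is that a prepended fragment is a statement (typically a `let` binding that the rest of the query can reference) while an appended fragment is a continuation of the tabular pipeline; keeping the base query untouched means the filter can be reused across rules that share the same log source.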
Active Threats Enhancements: Related Threats
We’ve introduced a new Related Threats section at the bottom of the Active Threats News Item page. This section displays tiles for the Threat of the Month and related threats. Each tile shows the title, publication date, and severity level. Users can click any tile to navigate directly to the corresponding Active Threat details page, or use View all active threats to open the Active Threats feed.
Uncoder AI
Agentic Threat Research
The following enhancements have been made to Agentic Threat Research:
Improved chat title generation. Chat titles are now generated by the LLM from the context of the first message instead of being taken from the first characters of the conversation. This provides more descriptive and meaningful titles and prevents titles from being cut off mid-word.
Expanded artifact tile click area. Users can now open artifacts in the Code Editor by clicking anywhere on the artifact tile in a generated response. Previously, only the icon on the right side of the tile was clickable.
Improved chat input behavior. The chat input now remains active after a message is sent, allowing users to continue typing immediately without having to click back into the input field.
Improved the sidebar layout by keeping it visible when collapsed, providing quick access to key actions without needing to fully expand it.
Added quick actions to chats in the sidebar. Hovering over a chat in the sidebar now reveals quick actions; clicking them opens a dropdown with options to rename or delete the chat for faster management.
Attack Detective
Content Availability Labels and Filters
With this release, we’ve added content availability labels to queries and filtering to the Scan Results page in Attack Detective. Users can now see whether a query is Premium, Unlocked, Free Access, and so on directly from the page without opening each rule individually, and filter results by content availability, making it easier to prioritize actionable detections.
MITRE ATT&CK Version Updated
We've updated the MITRE ATT&CK version used across all SOC Prime Platform products to v19.1.
Content Quality Improvements
Elastic Stack
Added a case-insensitive alternative translation for Elastic ES|QL Rule and Elastic ES|QL Query.
Key Bug Fixes and Improvements
Fixed an issue where error messages overlapped with text in the Job creation/editing side panel when Elastic On-Prem was selected.
Updated DetectFlow landing page.
Added publication date and time display to blog articles on the website.
Fixed an issue in Attack Detective where sometimes the number of queries for Microsoft Windows as a log source was incorrectly displayed as zero in Data Audit.
Fixed an issue where clicking a single rule on the Light Search page incorrectly expanded all rules instead of only the selected one.
Fixed an issue where, in some cases, in Safari the logo was not fully rendered on the Platform Settings page.
Fixed an issue where sometimes in Safari the Comments and History tabs on the Detection Rule page were not displayed for custom content.
Fixed an issue on the Agentic Threat Research page where sometimes the Enter button remained enabled even when the input field was empty.
Fixed an issue on the Agentic Threat Research page where sometimes in the sidebar multiple items could remain in an active state simultaneously. Now selected projects or chats correctly lose their active highlight when a group header (Projects or Chats) is clicked, ensuring only one active element is displayed at a time.
Restored the preloader for the Calculate queries action on the Choose Hunting Scenarios page in Attack Detective. The loading indicator now remains visible until the calculation is completed, preventing display of incorrect results.
