July 3, 2026
© 2026 SOC Prime Inc.
All rights reserved. This product and documentation related are protected by copyright and distributed under licenses restricting their use, copying, distribution, and decompilation. No part of this product or documentation related may be reproduced in any form or by any means without the prior written authorization of SOC Prime. While every precaution has been taken in the preparation of this book, SOC Prime assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.
Threat Detection Marketplace
Azure DevOps Integration: FortiSIEM Rule Support
Added support for the FortiSIEM Rule content format in the Azure DevOps integration, enabling automatic deployment of FortiSIEM Rule content type from Threat Detection Marketplace to Azure DevOps.
Users can select FortiSIEM Rule in the Content Platforms dropdown when setting up Azure DevOps integration.
For individual rule deployment to Azure DevOps from the rule's page, users should click the Push to Repository button on the Code tab.
Also users can select FortiSIEM Rule content type in the following locations across the SOC Prime Platform to enable automatic deployment to Azure DevOps:
Higher Order Sigma
With this release, we’ve introduced Higher Order Sigma rules and started its gradual rollout across the platform. Higher Order Sigma rules are based on detection rules defined in Active Threats and use the Attack Flow to determine the sequence of adversary actions.
Higher Order Sigma rules have been introduced on the Active Threat News Item page. They are now displayed under a new Higher Order Sigma tab.
Additionally, as part of this update, Higher Order Sigma rules are now listed on the Advanced Search page. To find them, users can select Higher Order Sigma in the Platform filter. Selecting a rule from the search results opens its dedicated rule details page.
We’ve also added a new repository containing Higher Order Sigma rules.
DetectFlow Supported in TDM API Key Configuration
As part of DetectFlow integration with Threat Detection Marketplace, we’ve added the ability to generate an API key for DetectFlow. Users can now select DetectFlow product when generating an API key in Threat Detection Marketplace to set up an integration.
Uncoder AI
Agentic Threat Research Enhancements
This release includes several enhancements designed to improve the overall experience in Agentic Threat Research.
Files Upload in Projects
From now on, SOC Prime users can upload files to projects as additional context for the AI agent which will be applied to all chats within that project. The files can be uploaded with a maximum size of 15 MB. Supported file formats include PDF, TXT, CSV, JSON, PNG, JPG/JPEG.
To use this functionality, in the project, click the plus (+) icon in the Resources section, and select Upload Files.
Adding Detections from TDM
Detections from Threat Detection Marketplace can now be added directly via the chat input field. To use this functionality, click the plus icon (+) and select Add Detections, choose the detection, and it will be automatically inserted into the Code Editor.
Additionally, we’ve adjusted the layout and styling of the detection search modal to fit the new Uncoder AI interface.
IOC-Based Queries for Level Blue USM
We've added support for generating IOC-based queries for Level Blue USM.
Website Updates
SOC Prime Platform Terms of Service Page
The SOC Prime Platform Terms of Service page has been updated.
About Page
The About page has been redesigned to provide a refreshed structure and improved presentation.
Other Updates
Access Notifications
To improve the user experience, informational messages have been introduced throughout the platform to clearly indicate when specific functionality is limited due to the user's role and permissions.
API Rate Limit Update
Updated Threat Detection Marketplace API rate limit to 60 requests per 60 seconds.
Key Bug Fixes and Improvements
Fixed an issue where, in some cases, opening a detection from the Detection Rule page via the Open in Uncoder AI button, resulted in No matching content error instead of displaying a rule.
Fixed an issue where sometimes when deleting the content from Inventory and organization's SIEM, the error has been displayed.
Improved the Uncoder AI header layout on small screen sizes.
Fixed button alignment in Uncoder AI.
Improved elements positioning in chat in Uncoder AI when opening content in additional windows (e.g. Code Editor), ensuring the chat focus remains on the current context.
Fixed an issue that sometimes caused incorrect rendering of Cyrillic text and IOCs when uploading files in Uncoder AI.
