
SOC Prime Platform Product Release Notes 5.0.3

Written by Sergey Bayrachny

October 20, 2021

© 2021 SOC Prime Inc.

All rights reserved. This product and its related documentation are protected by copyright and distributed under licenses restricting their use, copying, distribution, and decompilation. No part of this product or its related documentation may be reproduced in any form or by any means without the prior written authorization of SOC Prime. While every precaution has been taken in the preparation of this book, SOC Prime assumes no responsibility for errors or omissions. This publication and the features described herein are subject to change without notice.

Citation Support


To improve the user experience, we've added citation support to the technique descriptions of the MITRE ATT&CK® visualization in the Discover category. References, which were previously displayed as plain text, are now formatted as citations (sequential numbers in square brackets, such as [1], [2], [3], etc., with links to the sources of information). When you hover over a citation, its link is displayed in the bottom left-hand corner of the screen. This formatting makes the descriptions more reader-friendly and aligned with established practice.

Content Quality Enhancements


At SOC Prime, we’re constantly striving to improve the content quality when translating Sigma behavior-based detections to various SIEM and XDR language formats.

Azure Sentinel Translation Improvements


To further empower security professionals, we've made the following improvements related to Azure Sentinel:

  • Enhanced the conversion into Azure Sentinel Rules and Azure Sentinel Queries. Now, if a Sigma detection contains multiple log sources, a single Rule or Query is generated instead of producing a separate content item for each log source.

  • Added Microsoft Defender ATP as an alternative translation for Azure Sentinel Query.

Chronicle Security Translation Improvements


In the SOC Prime Platform v. 5.0.3, we've improved the logic of converting Sigma detections into the Chronicle Security language format. Now, event names are enclosed in single rather than double quotation marks, which ensures correct YARA-L format and helps prevent parsing issues.

Continuous Content Management Module Updates


In this latest release, we've added new Continuous Content Management (CCM) API endpoints providing security professionals with the following capabilities for automation:

  • Adding and removing rules from static content lists

  • Creating, downloading, updating, and deleting static content lists

  • Marking content items as deployed

LimaCharlie Support


As part of our continuous effort to extend the range of security technologies available for integration on SOC Prime Platform, we've added support for LimaCharlie EDR/XDR to Threat Detection Marketplace and CTI.Uncoder.IO. Now, security performers can filter content by this platform and drill down to the detection code in the corresponding language format.

Localization Updates


With this latest 5.0.3 release, we've introduced the following localization updates:

  • To emphasize our message and make information more relevant, we've made some updates to the copy on the SOC Prime Platform, socprime.com and Uncoder.IO.

  • To improve user experience and localization consistency on the SOC Prime Platform, we've updated certain buttons, options, checkboxes, and field names related to Environments, API, Custom Field Mapping, Content Lists, Presets, and Filters.

  • To improve consistency in the Integrate category, we've renamed Field Mapping to Custom Field Mapping on the left-hand menu and ordered the items alphabetically in the header navigation.

Log Source Coverage Improvements


In the SOC Prime Platform v. 5.0.3, we've added new functionality and improved the user experience on the Log Source Coverage page:

  • Made the Log Source Coverage text clickable in the title and breadcrumbs

  • Improved the page layout and font styles

  • Replaced Not Available with N/A for products that are not visible for users with the Community subscription

  • Made product names clickable on the Overview chart and added transparency for names of the products that are not available for users with the Community subscription

  • Added the name of the opened product to breadcrumbs

  • Added dashes into the Category fields without values

MITRE ATT&CK® Coverage Improvements


With this latest release, we've added new functionality and improved the user experience on the MITRE ATT&CK Coverage page:

  • Made the MITRE ATT&CK Coverage text clickable in the title and breadcrumbs

  • Improved the page layout and font styles

  • Made tactic names clickable on the Overview chart and added transparency for names of the tactics that are not available for users with the Community subscription

  • Added the name of the opened tactic to breadcrumbs

Quick Hunt Improvements


To enhance the user experience, we've introduced the following improvements:

  • Made Trending Now the default sorting option on the Quick Hunt page

  • Moved Category and Product parameters to the detection main view

  • Improved layout on mobile resolutions

Search Result Limitations Removed


To improve the experience of the Platform for Community users, we've removed search result limitations they previously had on Detection Engineering, MITRE ATT&CK and Advanced Search pages. Now, users with this plan can leverage the full potential of the search in Threat Detection Marketplace.

SOC Prime Website Updates


With this release, we've introduced the following updates:

  • Added the Privacy page, now available at https://my.socprime.com/privacy/, where security professionals can find a detailed description of SOC Prime’s approach to privacy and the protection of ownership rights.

  • Added the link to the Industry Recognition page in the header navigation at CTI.uncoder.IO.

Sub-Technique IDs in Filter


To make references to MITRE ATT&CK sub-techniques even more specific, we've added their IDs in the Techniques filter on the Detection Engineering page. We've introduced this change since there are some sub-techniques in MITRE ATT&CK that have the same names but refer to different techniques. The same functionality is already available on the Advanced Search page.

Uncoder CTI and CTI.Uncoder.IO Improvements


With this latest release, we've made the following improvements:

  • In Uncoder CTI and CTI.Uncoder.IO: added tooltips for Search, Copy, and Delete buttons shown for generated queries.

  • In CTI.Uncoder.IO: improved the layout for mid-size screens, as well as for 2K and 4K resolutions.

Key Bug Fixes & Improvements


With this release, we’ve made the following key bug fixes and improvements to enhance the user experience with the SOC Prime Platform:

  • Resolved the issue with the Add More Teammates button, which did not work correctly in some cases.

  • Removed the less-than (<) sign that appeared after sub-technique names in the Techniques filter on the Advanced Search page.

  • Removed HTML tags from the tooltips for sub-technique names in the Techniques filter on the Advanced Search page.

  • Removed the redundant border line that was shown on the right-hand side of the MITRE ATT&CK Info pop-up.

  • Fixed the bug with success messages being overlapped by pop-ups. Previously, some pop-ups, such as Add to CCM List on a content item page, could overlap success messages shown at the top of the screen.

  • Restored the Recommended option in the sorting drop-down on the Advanced Search page.

  • Fixed the connection bug that in certain cases resulted in failed query generation in Uncoder CTI.

  • Resolved the issue with Presets for Chronicle Security for the Continuous Content Management module. Previously, Presets linked to Jobs couldn't be applied during deployment to this platform.
