January 12, 2022
© 2022 SOC Prime Inc.
All rights reserved. This product and its related documentation are protected by copyright and distributed under licenses restricting their use, copying, distribution, and decompilation. No part of this product or its related documentation may be reproduced in any form or by any means without the prior written authorization of SOC Prime. While every precaution has been taken in the preparation of this document, SOC Prime assumes no responsibility for errors or omissions. This publication and the features described herein are subject to change without notice.
AWS OpenSearch
We've updated the name of the Open Distro platform to AWS OpenSearch, following the project's own renaming. Content for this platform is now available under the new name.
We've also added support for drilling down to this platform from Quick Hunt. Security experts can now set up their AWS OpenSearch environment and hunt for the latest threats in one click.
Chronicle Security Translation Improvement
With this release, we've introduced name suffixes for Chronicle Security rules that are generated from Sigma detections covering multiple log sources. Such a detection is converted into one rule per log source, and the suffix indicates which part a given rule covers and the total number of parts, in the format rule_name_part_1_of_2.
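The example below illustrates the splitting and naming scheme described above. It is an added example, not SOC Prime's converter: it takes the parsed form of a Sigma rule collection (a list of YAML documents, where a document with action: global supplies fields shared by the documents that follow it), resolves the global defaults into each per-log-source document, and assigns the part_i_of_n suffixes. The sample collection is constructed inline as Python dicts so the script runs without a YAML library, and the identifier sanitization (lower-case, [a-z0-9_] only) is an assumption about what a target rule language accepts, not a documented SOC Prime behaviour.

```python
"""Split a Sigma rule collection into per-log-source rules and name each part.

Illustrative example only (not SOC Prime's converter). Input is the parsed form
of a Sigma rule collection: a list of YAML documents, where a document with
``action: global`` supplies fields shared by the documents that follow it.
The sample is constructed inline as dicts so the script runs without PyYAML.
"""
import copy
import re

# Constructed sample: one global document plus two log-source specific documents.
SAMPLE_COLLECTION = [
    {
        "action": "global",
        "title": "Suspicious Service Install via sc.exe",
        "level": "medium",
        "detection": {
            "selection": {"CommandLine|contains": "sc create"},
            "condition": "selection",
        },
    },
    {
        # Part 1: generic process-creation log source, uses the global detection as-is.
        "logsource": {"product": "windows", "category": "process_creation"},
    },
    {
        # Part 2: Sysmon log source, overrides the detection to pin EventID 1.
        "logsource": {"product": "windows", "service": "sysmon"},
        "detection": {
            "selection": {"EventID": 1, "CommandLine|contains": "sc create"},
            "condition": "selection",
        },
    },
]


def to_rule_identifier(title: str) -> str:
    """Lower-case the title and keep only [a-z0-9_] so it is usable as a rule name.

    Assumed constraint for the target rule language: identifiers may not start
    with a digit, so such names get a 'rule_' prefix.
    """
    ident = re.sub(r"[^a-z0-9]+", "_", title.lower()).strip("_")
    if not ident or ident[0].isdigit():
        ident = "rule_" + ident
    return ident


def expand_collection(documents):
    """Resolve ``action: global`` defaults into each concrete rule document.

    Global fields apply to every later document; a field set on the document
    itself (e.g. its own ``detection``) overrides the global value.
    """
    defaults = {}
    rules = []
    for doc in documents:
        if doc.get("action") == "global":
            defaults = {k: v for k, v in doc.items() if k != "action"}
            continue
        merged = copy.deepcopy(defaults)
        merged.update(copy.deepcopy(doc))
        rules.append(merged)
    return rules


def name_parts(documents):
    """Return (rule_name, rule) pairs.

    A collection that expands to a single rule keeps the plain name; a
    multi-part collection gets ``<name>_part_<i>_of_<n>`` suffixes so each
    generated rule is traceable back to the original detection.
    """
    rules = expand_collection(documents)
    if not rules:
        return []
    base = to_rule_identifier(rules[0]["title"])
    total = len(rules)
    if total == 1:
        return [(base, rules[0])]
    return [(f"{base}_part_{i}_of_{total}", rule)
            for i, rule in enumerate(rules, start=1)]


if __name__ == "__main__":
    for name, rule in name_parts(SAMPLE_COLLECTION):
        print(name, "->", rule["logsource"])
```

Running the script prints two rule names ending in _part_1_of_2 and _part_2_of_2, each paired with the log source it covers; the first part carries the global detection, the second its own Sysmon-specific one.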
Environment Setup
In SOC Prime Platform v. 5.0.9, we've introduced the capability to separately set up an environment for Continuous Content Management (API Deploy) and for Hunt (Web Search). Each configuration is now done on an individual tab.
This is another important step in making threat hunting accessible for everyone. Now, all you need to hunt in your environment is a web link. No API credentials are required.
The environment set up on the Hunt (Web Search) tab is used for two modules: Quick Hunt and Uncoder CTI.
The configuration on the CCM (API Deploy) tab is used for automated content deployment in Continuous Content Management and via API, as well as for manual deployment from a content item page in the Threat Detection Marketplace. Its fields are the same as those used previously for environment setup.
Field values entered on one tab are automatically preselected for the corresponding fields on another tab.
Note that for AWS OpenSearch, CrowdStrike, Microsoft Defender ATP, and Splunk, only the web search setup is available: AWS OpenSearch, CrowdStrike, and Microsoft Defender ATP do not require API credentials, and Splunk API integration is handled by a separate Splunk App. For Sumo Logic, only deployment via API is available.
Legal Agreement Updates
With this release, as part of our constant effort to improve the collaboration in the cybersecurity community, we've updated the Content Partner License Agreement for SOC Prime Threat Bounty Program developers.
Additionally, we've improved and made consistent all the references and navigation elements related to the SOC Prime Platform Terms of Service across the Platform and our websites. The outdated versions of the document that had been shown on some pages were replaced with the most recent one.
Microsoft Defender ATP
We've added Microsoft Defender ATP to platforms supported in Quick Hunt.
Now, security professionals can set up a Microsoft Defender ATP environment and hunt for threats in just one click.
Quick Hunt Improvements
To help security professionals keep track of the detections they've used for threat hunting, we've introduced the Hunted label.
Hover over it to see a tooltip with the date and time of the last hunt.
Clicking the label shows a pop-up with the hunt history listing the date and result of each hunt with the selected detection.
Key Bug Fixes & Improvements
With this release, we’ve made the following key bug fixes and improvements to enhance the user experience with the SOC Prime Platform:
Resolved the issue with CrowdStrike environment setup modal in Quick Hunt. Previously, when a new user without a configured CrowdStrike environment clicked the Hunt button, the setup modal that appeared did not have the tab for CrowdStrike.
Fixed a bug in conversion to Splunk. Previously, for certain log sources the source= field was emitted twice in the generated query.
Resolved an issue with generation of Chronicle Security rules. Several rules had been generated from Sigma detections that are intended to be used only as queries, not as rules. Such rules could produce too many false positives, so we've removed them from the Platform.
