February 23, 2022
© 2022 SOC Prime Inc.
All rights reserved. This product and documentation related are protected by copyright and distributed under licenses restricting their use, copying, distribution, and decompilation. No part of this product or documentation related may be reproduced in any form or by any means without the prior written authorization of SOC Prime. While every precaution has been taken in the preparation of this book, SOC Prime assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.
Content Quality Enhancements
At SOC Prime, we’re constantly striving to improve the content quality when translating Sigma behavior-based detections to various SIEM, EDR, and XDR language formats. With this release, we’ve made the following translation improvements:
Refined Sigma conversion to the Microsoft Sentinel format for the cases in which the Event ID was incorrectly derived from the log source
Enhanced translations to the Microsoft Defender for Endpoint format for the cases in which double escaping was introduced when the Sigma code contained quotes, producing @"qwe\"" instead of @'qwe"' or "qwe\""
Polished translations to the Splunk format when the $ character was duplicated
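The double-escaping case above is easiest to see with a small quoting routine. The following is an added example, not SOC Prime's translator code: it reproduces the pre-fix output, emits the corrected Kusto literal, and decodes literals back (assuming Kusto's rules of backslash escapes in regular literals and a plain backslash plus doubled delimiter in verbatim literals) so each translation can be checked for a round trip.

```python
def buggy_literal(value: str) -> str:
    """Pre-fix behaviour: verbatim prefix plus backslash escaping (@"qwe\"" for the value qwe")."""
    return '@"' + value.replace('"', '\\"') + '"'

def kql_literal(value: str) -> str:
    """Corrected quoting: verbatim @'...' when the value has double quotes or
    backslashes but no single quote, else a regular "..." literal with escapes."""
    if "'" not in value and ('"' in value or '\\' in value):
        return "@'" + value + "'"
    return '"' + value.replace('\\', '\\\\').replace('"', '\\"') + '"'

def decode_literal(literal: str) -> str:
    """Decode a Kusto string literal (assumed rules: backslash escapes in regular
    literals; in verbatim literals backslash is plain and the delimiter is doubled).
    Raises ValueError when the literal is malformed."""
    verbatim = literal.startswith('@')
    src = literal[1:] if verbatim else literal
    if len(src) < 2 or src[0] not in '"\'' or src[-1] != src[0]:
        raise ValueError("unterminated or unquoted literal: %r" % literal)
    quote, body = src[0], src[1:-1]
    if verbatim:
        if quote in body.replace(quote * 2, ''):
            raise ValueError("unescaped delimiter in verbatim literal: %r" % literal)
        return body.replace(quote * 2, quote)
    out, i = [], 0
    while i < len(body):
        ch = body[i]
        if ch == '\\':  # escape sequence: take the next character literally
            i += 1
            if i == len(body):
                raise ValueError("dangling backslash in literal: %r" % literal)
            ch = body[i]
        elif ch == quote:
            raise ValueError("unescaped delimiter in literal: %r" % literal)
        out.append(ch)
        i += 1
    return ''.join(out)

def round_trips(value: str, quote_fn) -> bool:
    """True if quote_fn(value) is a well-formed literal that decodes back to value."""
    try:
        return decode_literal(quote_fn(value)) == value
    except ValueError:
        return False

if __name__ == "__main__":
    # constructed sample values, including the qwe" case from the release notes
    for v in ['qwe"', 'it\'s "x"', 'C:\\Windows\\']:
        print(repr(v), buggy_literal(v), round_trips(v, buggy_literal),
              kql_literal(v), round_trips(v, kql_literal))
```

Running it shows that the pre-fix form only breaks when the value contains a quote, which is exactly the case the release addresses.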
Content Search Service for API
With this latest release, we've implemented the Content Search Service in the Continuous Content Management (CCM) API. This service is used to identify content for Dynamic Content Lists and related Jobs, giving security professionals who use the CCM API more flexible capabilities.
Deactivation Message Update
To ensure that the deactivated user is always aware of the reason why their team manager decided to disable their account, we've added the reason indicated by the manager to the deactivation email.
Deprecated Page Removal
We've removed the deprecated Profile page at my.socprime.com.
Improved Sorting
We've updated the content sorting principles for users with the Community subscription. Now, with the Recommended option selected, they first see content that is or soon will be available to them.
License Field
To make the Chronicle Security Rule structure easier to read, we've created a separate license field in the meta section. Previously, the link to the license was provided in the description field.
Localization Improvements
Content Availability Labels
We've updated the text on the content availability labels to make them more user-friendly.
Continuous Content Management
To enhance the usability of the Continuous Content Management (CCM) module, we've updated the text for two tooltips on the Elastic tab of the Presets pop-up.
Navigation Menu
We've introduced improvements to the navigation menu:
To ensure consistency of navigation elements, we've updated Profile to Account in the top navigation menu.
To enhance usability, we've updated Team Members to My Team in navigation and on the respective page available for Manager roles.
Upgrade Page
We've updated the number of Uncoder CTI users for the Enterprise subscription from “Per seat” to “Per Organization”.
Longer Content Availability
After introducing the new subscription model, we've extended the content availability periods:
Content Downloadable via UI for Community: Last 5 days → Last 7 days
Content Downloadable via UI for Professional: Last 10 days → Last 12 days
Content Downloadable via API for Professional: Last 10 days → Last 12 days
Content Downloadable via API for Enterprise: Last 30 days → Last 30 to 90 days
Multiple Log Source Rules
We've normalized the processing of Sigma rules with multiple log sources to ensure seamless deployment of their translations.
Platform Guide Updates
We've updated the Platform Guide to keep it in line with the newest features and capabilities of the SOC Prime Platform.
Slack Community Button
To improve the user experience with the SOC Prime Platform, we've restored the button that opens the Slack Space of our Threat Detection Marketplace community. This is a fast and convenient way to communicate with other cybersecurity experts.
Support for AWS OpenSearch in Uncoder CTI
With this release, we've added support for AWS OpenSearch in Uncoder CTI. Now, security experts who use this platform can generate IOC-based queries and send them directly to their environment.
Integration with AWS OpenSearch can be configured on the Hunt (Web Search) sub-tab on the Environments page.
Key Bug Fixes & Improvements
With this release, we’ve made the following key bug fixes and improvements to enhance the user experience with the SOC Prime Platform:
Fixed the display of the released and updated dates in Advanced Search. Previously, the dates disappeared after hovering over a content item.
Updated the old GIF shown to Limited Access users on the Environments page.
Resolved the issue with adding a content item to multiple Static Content Lists from the content item page. Before, this bulk action could result in an error.
Improved Content Pack parsing for deployment in Microsoft Sentinel to ensure correct content processing.
Fixed the bug with submitting the email address to contribute to the multi-language MITRE ATT&CK® Map project.
Resolved the issue with saving a Custom Field Mapping profile for AWS OpenSearch. Previously, problems with validation could be a stumbling block to creating a new profile.
Fixed a problem with importing an ATT&CK Navigator JSON into the Search Profile. After import, all techniques could appear in the profile rather than only those listed in the JSON.
Fixed text cropping in the error pop-up on the Environments page. Previously, long error messages that appeared after checking the connection were not displayed in full.
Fixed the behavior of the Show Less button on the platform selection pane of the Code tab. If the scroll bar was present, the button could be unclickable.
Fixed the issue where the Syntax Option pop-up sometimes was overlapped by the header.
Improved the validation error message displayed when the user tries to create an environment integration with a name that already exists in their organization.
Fixed the issue with the overlapped scroll bar of the More Expert Filters panel on the Advanced Search page.
Fixed the issue with filters on the Detection Engineering page. An expanded filter did not collapse when another filter was expanded, although only one filter may be open at a time.
Fixed the issue with the top navigation items on the Uncoder.IO page, which became inactive after clicking.
Resolved the issue with switching to another environment after the user moved to the next page in Quick Hunt.
Fixed the broken Unsubscribe link in the SOC Prime Platform newsletter.
Fixed the issue with the incorrect selection of the entire block after right-clicking the rule link.
