
SOC Prime Platform Product Release Notes 5.1.2

Written by Eugene

March 9, 2022

© 2022 SOC Prime Inc.

All rights reserved. This product and documentation related are protected by copyright and distributed under licenses restricting their use, copying, distribution, and decompilation. No part of this product or documentation related may be reproduced in any form or by any means without the prior written authorization of SOC Prime. While every precaution has been taken in the preparation of this book, SOC Prime assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.

Content Quality Enhancements

At SOC Prime, we’re constantly striving to improve the content quality when translating Sigma behavior-based detections to various SIEM, EDR, and XDR language formats.

Microsoft Sentinel Translation Improvements

For an even more intuitive threat detection experience, we’ve improved the detection logic in Microsoft Sentinel translations by applying !contains in the second part of the rule code.

QRadar Translation Improvements

With this latest release, we’ve improved content translations to the QRadar language format. More specifically, all conditions that follow AND NOT are now enclosed in parentheses if the detection has only a single condition.
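The two translation shapes described in the Microsoft Sentinel and QRadar notes above, as an added illustration rather than SOC Prime’s own translator: a constructed Sigma detection with a selection and an exclusion filter is rendered to KQL (negating the filter with !contains / !endswith) and to AQL (keeping the filter positive behind AND NOT and wrapping it in parentheses). The table name, field names and the ILIKE mapping are assumptions.

```python
"""Illustrative Sigma -> Microsoft Sentinel (KQL) / QRadar (AQL) translation of a
'selection and not filter' detection. Constructed example, not SOC Prime's own
translator; the table name, field names and the ILIKE mapping are assumptions."""

# Constructed Sigma detection block. Sigma semantics: keys of one map are ANDed,
# a list of values under one key is ORed.
DETECTION = {
    "selection": {"Image|endswith": "powershell.exe", "CommandLine|contains": "-enc"},
    "filter": {"ParentImage|contains": ["explorer.exe", "code.exe"]},
    "condition": "selection and not filter",
}
KQL_OPS = {"contains": ("contains", "!contains"), "endswith": ("endswith", "!endswith")}
AQL_PATTERNS = {"contains": "%{}%", "endswith": "%{}"}

def _items(block):
    """Yield (field, modifier, [values]) for each 'Field|modifier' key."""
    for key, values in block.items():
        field, _, mod = key.partition("|")
        yield field, mod, values if isinstance(values, list) else [values]

def _group(atoms, joiner):
    return atoms[0] if len(atoms) == 1 else "(" + f" {joiner} ".join(atoms) + ")"

def kql_where(detection, table="SecurityEvent"):
    """KQL: negate the filter atom by atom with '!contains' / '!endswith'.
    De Morgan: not (a or b) == (not a and not b), so ORed list values become
    ANDed negated atoms, and ANDed filter keys become ORed groups."""
    positive = [_group([f'{f} {KQL_OPS[m][0]} "{v}"' for v in vals], "or")
                for f, m, vals in _items(detection["selection"])]
    negated = [_group([f'{f} {KQL_OPS[m][1]} "{v}"' for v in vals], "and")
               for f, m, vals in _items(detection["filter"])]
    return f"{table} | where {' and '.join(positive)} and {_group(negated, 'or')}"

def aql_where(detection, parenthesize=True):
    """AQL: keep the filter positive and place all of it behind AND NOT in
    parentheses. Without them 'AND NOT a OR b' parses as '(... AND NOT a) OR b',
    so the second excluded value matches on its own and widens the result."""
    def atom(f, m, v):
        return f"\"{f}\" ILIKE '{AQL_PATTERNS[m].format(v)}'"
    positive = [_group([atom(f, m, v) for v in vals], "OR")
                for f, m, vals in _items(detection["selection"])]
    groups = [[atom(f, m, v) for v in vals] for f, m, vals in _items(detection["filter"])]
    inner = (" OR ".join(groups[0]) if len(groups) == 1
             else " AND ".join(_group(g, "OR") for g in groups))
    exclusion = f"({inner})" if parenthesize else inner
    return f"SELECT * FROM events WHERE {' AND '.join(positive)} AND NOT {exclusion}"

if __name__ == "__main__":
    print(kql_where(DETECTION))
    print(aql_where(DETECTION))
```

Calling aql_where(DETECTION, parenthesize=False) reproduces the unparenthesised shape, which is useful for checking translated content against the precedence problem the parentheses prevent.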

Detection Engineering Usability Improvements

To ensure the most streamlined user experience with the SOC Prime Platform, we’ve recently made improvements to content sorting on the Detection Engineering page. Now the system remembers the last state of content sorting, which is properly displayed after updating the page.

Developer Portal Content Analytics

With this latest release, we’ve made improvements to the content analytics in the Developer Portal to make sure all the visualized data is consistent with the Bounty payments according to the Content Partner License Agreement. Please note that traction includes only the detection content that was published via the Developer Portal.

Increased OTP Token Lifetime

With this release, we’ve increased the one-time password (OTP) token lifetime from 1 to 5 minutes for an improved login experience. With this improvement, SOC Prime users can log into the platform without rushing to enter the OTP code before it expires.

Leaderboards: Release Dynamics Chart Improvements

For a better user experience with the SOC Prime Platform, we’ve applied a logarithmic scale to display stats on the Y-axis of the Release Dynamics chart in Leaderboards.

Quick Hunt: Unlocking Content for Russian-Backed Cyber Threats

With this latest platform release, we’ve unlocked curated detection content for Russian-backed cyber threats. Comprehensive volumes of threat hunting queries are readily available, enabling teams to hunt for related threats with SOC Prime’s Quick Hunt module. Community subscribers and other users with more privileged subscription plans can now get access to the dedicated content matching the relevant custom tag.

SOC Prime Platform Guide Updates

To keep our users informed about the latest features and improvements, we’ve updated the following guides within the SOC Prime Platform:

  • The Continuous Content Management guide

  • Platform Guides:

    • The list of Lucene fields in the Discover section

    • The API section

We’ve also updated the CCM API Integration Tool Guide to be consistent with all the changes added to the Platform Guide, including the description and use of a new endpoint for creating and editing dynamic Content Lists.

Uncoder CTI: Free Access

With this release, we unlock free access to the Uncoder CTI module to up to 7,000 organizations worldwide excluding aggressor countries, Russia and Belarus. Limited Access and Community subscribers can now unleash the full power of this module to generate IOC queries on the fly and run them in popular SIEM and XDR tools, including Microsoft Sentinel, Chronicle Security, Elastic Stack, and Splunk.

Key Bug Fixes & Improvements

With this release, we’ve made the following key bug fixes and improvements to enhance the user experience with the SOC Prime Platform:

  • Fixed the issue with the email reminder to activate the platform account. In certain cases, such reminders were sent 3-4 times per day. After the update, users receive a single email reminder 24 hours after registering for the SOC Prime Platform, prompting them to activate the newly created account.

  • Resolved the issue with the notification interval to make sure SOC Prime users receive their emails according to the preferences they opted for.

  • Fixed the issue with filtering detection content by the Playbook, Config, and Premium App content types. After filtering and then drilling down to the content item page, the wrong label “Content Pack” was displayed. After the update, the content item page displays the correct content type matching the filtering criteria.

  • To ensure consistency across the entire platform functionality, we've renamed Profile to Account on the main page that appears after logging into the SOC Prime Platform.

  • Updated Search Profile tooltips on the MITRE ATT&CK Coverage and Log Source Coverage pages to correctly inform the SOC Prime users that all fields are used to filter the displayed statistics.

  • Fixed the issue with the navigation buttons on the Intelligence tab of the content item page. Before the update, the Timeline items were not scrolled when clicking the next and back buttons. As part of these updates, we’ve also improved the button styles for a better user experience.

  • Improved the Code tab loading speed and performance when switching from the rule’s cybersecurity intelligence to the Sigma rule code and its translations to the supported formats.
