The Community subscription plan is a good way to browse the Threat Detection Marketplace for free before you decide which plan is best for your organization. Community allows you to access a limited number of Sigma rules and use the core modules and features of the SOC Prime Platform.
Access to Sigma Rules and Their Translations
Threat intelligence and metadata for Sigma rules are always available to help you in your research. The code of some Sigma rules together with all their translations is also available for free. Such free rules are marked with the following labels:
Git Free Access. Sigma rules sourced from SigmaHQ, a free GitHub repository of the Sigma community.
Promo. Sigma rules opened by SOC Prime as part of a promotion.
However, most rules are offered as Premium. To access a Premium Sigma rule's code, you need to unlock it using your Premium Sigma rule balance.
All users who belong to the same organization share a Premium Sigma rule balance and access to the unlocked rules. When one user from the organization unlocks a rule, it becomes available to all the others.
Note that when a Sigma rule is released, users with a Community plan can unlock it only after a 3-day waiting period has passed. While unavailable, the Sigma rule has the status Wait to Unlock.
Your current balance of Premium Sigma rules is displayed in your Account menu.
The balance is decreased by one each time you or your teammates unlock a Premium Sigma rule.
To unlock a Premium Sigma rule, open the Code tab on the rule's page.
When you unlock a rule for the first time, you are prompted for confirmation. After the first time, rules are unlocked automatically without extra confirmation.
When the rule is unlocked, a popup appears under the balance counter.
After unlocking, you instantly get full access to the Premium Sigma rule and all its translations, as well as the ability to use the rule across the SOC Prime Platform, including Uncoder AI and Attack Detective. The access status of the rule changes to Unlocked.
You can check all the rules you've unlocked using the Unlocked option of the Content Availability filter in Search.
Access to Modules and Features
Under a Community plan, you can use the following modules of the Threat Detection Marketplace and features of the SOC Prime Platform.
An all-in-one starting point to quickly check out Content recommendations individually tailored to your needs and get insights into your company's Content usage over time and in comparison with your industry and country.
Search and browse Sigma rules presented as listings with key details. Use Standard and Lucene search. In this module, you have access only to basic filters. To use more filters, upgrade your plan.
You can set up integration with one Data Plane (your SIEM, EDR, XDR, or Data Lake instance where your data lives) for direct deployment of Sigma rule translations.
Insights into released content: the total number of Sigma rules and their translations per platform, top authors, etc. You have full access to this module.
Other Modules and Features
To get access to other modules and features, for example, Automation, Content Lists, Analytics, or Custom Field Mapping, upgrade your plan.