© 2022 SOC Prime Inc.
All rights reserved. This product and its related documentation are protected by copyright and distributed under licenses restricting their use, copying, distribution, and decompilation. No part of this product or its related documentation may be reproduced in any form or by any means without the prior written authorization of SOC Prime. While every precaution has been taken in the preparation of this book, SOC Prime assumes no responsibility for errors or omissions. This publication and the features described herein are subject to change without notice.
Cyber Threat Search Engine Improvements
Trending
To deliver the most relevant content in our Trending suggestions, we’ve upgraded the keyword selection logic. Now, you will see the most popular monthly searches with the preference given to the latest keywords. The results are based on unique searches only.
Search Results Number
Now, you will see the total number of search results for both Main and MITRE ATT&CK views.
UI Improvement
To improve the user experience, we’ve removed the additional scroll for the Techniques filter.
Error Messages
We've improved the translation error messages, making them more user-friendly.
Search Suggestions
To simplify and speed up the search, we've made the search suggestions case-insensitive.
Additionally, you can now start a search simply by selecting a suggested option, without clicking the search icon or pressing Enter.
CERT-UA
In this release, we’ve marked all the content items related to cyberattacks targeting Ukraine with the cert.gov.ua tag.
Content Quality Improvements
CrowdStrike
We’ve enhanced the translation into the CrowdStrike format in both SOC Prime Platform and uncoder.io by ensuring the correct conversion of AND/OR logical operators.
Splunk
We’ve improved the source mapping for Splunk in the translation configuration by introducing arrays to define field values.
Elastic Query
To improve the translation of Sigma rules into the Elastic Query format, we've made sure that the * character is rendered correctly.
UI Improvements
Platform Guides
We’ve restructured our Platform Guides and relocated them to the Help Centre in Intercom. Access the manuals by logging into the SOC Prime Platform and clicking on More → Learn → Platform Guides or Help Center → Platform Guides.
Environment Profile
To deliver a clearer message and improve usability, we’ve introduced changes to the interface texts of the Create New Environment Profile Page.
Preloader
We’ve updated the loader texts to deliver up-to-date information.
Community Feedback
We’ve added a Community Feedback section on our Developer Program page to share the insights from our cyber defenders.
Quick Hunt
We’ve changed the alignment of the elements in Quick Hunt to increase the size of the Search bar for better page usability.
Submit Content Button
We’ve updated the design of the content submission button $ubmit Content → Submit Content in the header for socprime.com, my.socprime.com, uncoder.io, cti.uncoder.io, attack.socprime.com.
Email Improvements
To ensure a better user experience in the multiple stages of the SOC Prime Platform usage, we’ve enhanced our email templates and designs.
Design
We’ve reworked the design of the emails in accordance with the corporate style. Among other changes, we’ve improved the design of the footer by adding several useful links, such as Help Center, Community in Slack, Cyber Library, and the Log-In page.
Sender
To keep naming consistency, we’ve changed the sender name from Threat Detection Marketplace to the SOC Prime Platform.
Performance Enhancements
To ensure better performance of the SOC Prime Platform, we’ve introduced several enhancements with this release.
Dynamic Content Lists
We’ve reworked the way data is loaded in the Include Tags and Exclude Tags fields when creating new Dynamic Content Lists. Now, you need to enter two or more characters before the suggestion list appears.
Code Tab
We’ve optimized the performance of the Code Tab on the Content Item page by refactoring the code and removing unnecessary code elements.
Presets for Chronicle Security
In this release, we’ve introduced a Validator for the Rule Name Starts With and Rule Name Ends With fields when creating new Presets for Chronicle Security. Both field values may contain only letters, digits, or underscores, and the Rule Name Starts With value must begin with a letter.
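The validation rules above are small enough to reproduce outside the Platform, which is useful if you generate Presets programmatically. The following is an added example (not SOC Prime's own validator code): it checks the two affix fields as the release notes describe them and then checks the composed rule name. Two assumptions are made here and are not stated on the page: "letters" means ASCII letters, and the composed name (prefix + rule name + suffix) must itself be a valid YARA-L identifier, i.e. start with a letter and contain only letters, digits, or underscores. An empty affix is treated as "field not used".

```python
import re

# Affixes may contain only ASCII letters, digits and underscores (page rule);
# ASCII-only is an assumption, the page just says "letters".
_AFFIX = re.compile(r"^[A-Za-z0-9_]*$")
# A composed Chronicle rule name must be an identifier starting with a letter.
# This is an assumption about YARA-L naming, not a rule stated in the release notes.
_RULE_NAME = re.compile(r"^[A-Za-z][A-Za-z0-9_]*$")


def validate_preset(starts_with: str, ends_with: str) -> list:
    """Return the list of validation errors for a Preset; an empty list means valid."""
    errors = []
    if not _AFFIX.match(starts_with):
        errors.append("Rule Name Starts With: only letters, digits or underscores are allowed")
    elif starts_with and not starts_with[0].isascii() or (starts_with and not starts_with[0].isalpha()):
        errors.append("Rule Name Starts With: must start with a letter")
    if not _AFFIX.match(ends_with):
        errors.append("Rule Name Ends With: only letters, digits or underscores are allowed")
    return errors


def compose_rule_name(starts_with: str, ends_with: str, base_name: str) -> str:
    """Apply a Preset to a rule name and make sure the result is a valid identifier.

    Raises ValueError on an invalid Preset or when the composed name would be
    rejected (for example a hyphenated base name, or an empty prefix in front of a
    base name that starts with a digit).
    """
    errors = validate_preset(starts_with, ends_with)
    if errors:
        raise ValueError("; ".join(errors))
    name = f"{starts_with}{base_name}{ends_with}"
    if not _RULE_NAME.match(name):
        raise ValueError(f"composed rule name {name!r} is not a valid identifier")
    return name


if __name__ == "__main__":
    print(compose_rule_name("sp_", "_ua", "cert_gov_ua_phishing"))
```

`compose_rule_name` is where the second check matters: the Platform validates the affixes, but a base rule name that contains hyphens or starts with a digit still produces an invalid Chronicle rule name when the prefix is empty, so it is worth failing early rather than at deployment time.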
OpenCTI Integration
To boost the user experience, we’ve introduced OpenCTI Integration. With the SOC Prime Connector, you can:
Pull raw Sigma rules added to Content Lists using an API Key
Convert the content to STIX format
Add tags, threat intel, and timeline information to your OpenCTI
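STIX 2.1 can carry a Sigma rule natively: an Indicator object whose `pattern_type` is `sigma` and whose `pattern` is the rule text. The block below is an added example of that conversion step; it is not the SOC Prime Connector's code, and the Sigma rule it converts is constructed for the example. It reads only the top-level scalar keys and the `tags` list from the rule (a real connector would use a YAML parser), derives a deterministic STIX id from the Sigma rule `id` so that re-running the export does not mint a new object each time, and wraps the result in a bundle. The `sigma-level:` label and the `external_references` entry are conventions chosen for this example, not something the page specifies.

```python
import json
import uuid
from datetime import datetime, timezone

# Constructed Sigma rule used as sample input; not a rule from the SOC Prime platform.
SAMPLE_SIGMA = """\
title: Suspicious Encoded PowerShell Command Line
id: 1a2b3c4d-0000-4000-8000-000000000001
status: experimental
description: Detects PowerShell started with an encoded command.
level: medium
tags:
    - attack.execution
    - attack.t1059.001
logsource:
    category: process_creation
    product: windows
detection:
    selection:
        Image|endswith: '\\powershell.exe'
        CommandLine|contains: '-enc'
    condition: selection
"""


def _sigma_header(rule_text: str):
    """Extract top-level `key: value` pairs and the `tags` list from a Sigma rule.

    Deliberately minimal: indented mappings (logsource, detection) are skipped,
    which is all the STIX wrapper needs. Use a YAML parser for anything else.
    """
    fields, tags, in_tags = {}, [], False
    for line in rule_text.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):
            in_tags = False
            key, _, value = line.partition(":")
            key, value = key.strip(), value.strip()
            if key == "tags":
                in_tags = True
            elif value:
                fields[key] = value
        elif in_tags and line.strip().startswith("- "):
            tags.append(line.strip()[2:].strip())
    return fields, tags


def _stix_timestamp(dt: datetime) -> str:
    # STIX 2.1 timestamps are UTC, RFC 3339, with a trailing Z.
    return dt.strftime("%Y-%m-%dT%H:%M:%S.") + f"{dt.microsecond // 1000:03d}Z"


def sigma_to_stix_indicator(rule_text: str, now: datetime = None) -> dict:
    """Wrap a Sigma rule in a STIX 2.1 Indicator with pattern_type 'sigma'."""
    fields, tags = _sigma_header(rule_text)
    rule_id = fields.get("id")
    if not rule_id:
        raise ValueError("Sigma rule has no id; cannot derive a stable STIX id")
    ts = _stix_timestamp(now or datetime.now(timezone.utc))
    # uuid5 over the Sigma id: the same rule always maps to the same STIX object.
    stix_id = "indicator--" + str(uuid.uuid5(uuid.NAMESPACE_URL, f"sigma:{rule_id}"))
    return {
        "type": "indicator",
        "spec_version": "2.1",
        "id": stix_id,
        "created": ts,
        "modified": ts,
        "name": fields.get("title", rule_id),
        "description": fields.get("description", ""),
        "indicator_types": ["malicious-activity"],
        "pattern": rule_text,
        "pattern_type": "sigma",
        "valid_from": ts,
        "labels": tags + [f"sigma-level:{fields.get('level', 'unknown')}"],
        "external_references": [{"source_name": "sigma", "external_id": rule_id}],
    }


def to_bundle(objects: list) -> dict:
    """Wrap STIX objects in a bundle; the bundle id may be random (it is transient)."""
    return {"type": "bundle", "id": "bundle--" + str(uuid.uuid4()), "objects": objects}


def demo_bundle() -> dict:
    """Convert the sample rule with a fixed timestamp (keeps the output reproducible)."""
    fixed = datetime(2022, 6, 1, 12, 0, 0, tzinfo=timezone.utc)
    return to_bundle([sigma_to_stix_indicator(SAMPLE_SIGMA, now=fixed)])


if __name__ == "__main__":
    print(json.dumps(demo_bundle(), indent=2))
```

Keeping the full rule text in `pattern` rather than a lossy summary is what lets the OpenCTI side hand the rule back to a SIEM later; the ATT&CK tags surface as labels so they remain searchable in OpenCTI.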
Cloud Filter
We’ve updated the logic of the SaaS option in the Cloud filter in Advanced Search and Detection Engineering.
Developer Program Signup
To facilitate the application process for the Developer Program, we’ve added an Apply button to the login page of the SOC Prime Threat Bounty Program.
Key Bug Fixes & Improvements
With this release, we’ve made the following key bug fixes and improvements to enhance the user experience with the SOC Prime Platform:
Improved the Threat Bounty Program registration functionality. Previously, if the user did not activate their account after signing up, they could not use the Recover Password feature or use the same email to sign up again.
Fixed a bug where an empty environment configuration modal appeared in Quick Hunt when the user tried hunting without setting up an integration.
Resolved an issue that made it difficult to open very large Custom Field Mapping profiles. We've redesigned the Field tab in the mapping setup modal to improve the field editing experience and significantly enhance the performance. Now, fields can be added only one by one, and the suggested field values are shown only after clicking the Edit button. Additionally, to avoid cases where a mapping profile is too big for proper handling, we've set a limit of 500 fields.
Adjusted the text in the account activation email that users receive after registration on the SOC Prime Platform.
Made several fixes in the Cyber Threat Search Engine:
Resolved an issue that sometimes led to incorrect ATT&CK® Navigator export: all techniques/sub-techniques related to the search results were selected while only the currently opened one or none should have been selected.
Fixed the position of the Latest Content Updates link for cases when there are few trending search terms.
Removed the possibility of infinite scrolling up in Chrome.
Fixed a bug with text selection where the selected text started one character to the right of the intended position.
Improved the footer layout in the mobile version.
Fixed an issue with Custom Field Mapping for Splunk by replacing the default index with the custom source.
Improved the query deployment for Microsoft Sentinel (ala) in CCM (Continuous Content Management) by checking whether the content was deployed previously and updating the existing query instead of generating duplicates.
Resolved an issue where in some cases, after an hour or more from the session start, an attempt to refresh the page or open a different page of the SOC Prime Platform would result in a 500 error (Internal Server Error).
Fixed message alignment on the Log Source Coverage and MITRE ATT&CK® Coverage pages.
Resolved the Error Code: 400. Status: INVALID_ARGUMENT error that occurred when deploying an Alert to Chronicle Security using Presets.
Fixed an issue with clearing numerous deleted items in the Inventory by adding paging to the list of deleted content items. This also allowed us to improve performance.
Improved mapping for translations into Splunk Query format by defining a default index. This ensures that an index is always included in the query, and a Custom Field Mapping profile can be applied to it.
Fixed the text in the top navigation menu of the desktop version of socprime.com. Previously, the subheader for the News section was History of Sigma Evolution. Now, it has been replaced with the correct text Headlines in cyberspace.
Fixed the wording of the paragraph about the subscription expiration date in the subscription activation email.
Restructured the Microsoft Defender for Endpoint queries generated in Uncoder CTI when both Hash and Domain type IOCs are present. Now, the queries search different tables for the different IOC types.
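The reason hash and domain IOCs need separate queries in Defender for Endpoint is that they live in different advanced hunting tables: file hashes are columns of DeviceFileEvents (SHA256, SHA1, MD5), while contacted domains appear in DeviceNetworkEvents.RemoteUrl. The block below is an added example of generating one KQL query per table from a mixed IOC list; it is not Uncoder CTI's code, the IOC values are constructed, and the `project` column lists are an illustrative choice. IOC values are emitted as quoted KQL string literals so a value containing a quote or backslash cannot alter the query.

```python
# Constructed sample IOCs (not real threat intel). Types follow common CTI naming.
SAMPLE_IOCS = [
    {"type": "sha256", "value": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
    {"type": "md5", "value": "d41d8cd98f00b204e9800998ecf8427e"},
    {"type": "domain", "value": "malicious.example"},
    {"type": "domain", "value": "c2.example"},
]

# Hash IOC type -> column in DeviceFileEvents (MDE advanced hunting schema).
HASH_COLUMNS = {"md5": "MD5", "sha1": "SHA1", "sha256": "SHA256"}


def _kql_string(value: str) -> str:
    """Render a value as a double-quoted KQL string literal with escaping."""
    if any(ord(c) < 0x20 for c in value):
        raise ValueError("control characters are not allowed in an IOC value")
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def build_mde_queries(iocs: list) -> dict:
    """Split IOCs by type and return {table_name: kql_query} for each table needed.

    Hashes go to DeviceFileEvents (one `in~` clause per hash column), domains go to
    DeviceNetworkEvents via `has_any` on RemoteUrl, which also matches a domain
    inside a full URL. Values are lower-cased and de-duplicated.
    """
    hashes_by_col, domains = {}, []
    for ioc in iocs:
        ioc_type, value = ioc["type"].lower(), ioc["value"].strip().lower()
        if ioc_type in HASH_COLUMNS:
            col = HASH_COLUMNS[ioc_type]
            if value not in hashes_by_col.setdefault(col, []):
                hashes_by_col[col].append(value)
        elif ioc_type == "domain":
            if value not in domains:
                domains.append(value)
        else:
            raise ValueError(f"unsupported IOC type: {ioc_type}")

    queries = {}
    if hashes_by_col:
        clauses = [
            f"{col} in~ ({', '.join(_kql_string(v) for v in values)})"
            for col, values in hashes_by_col.items()
        ]
        queries["DeviceFileEvents"] = (
            "DeviceFileEvents\n| where " + " or ".join(clauses)
            + "\n| project Timestamp, DeviceName, FileName, FolderPath, SHA256, SHA1, MD5"
        )
    if domains:
        queries["DeviceNetworkEvents"] = (
            "DeviceNetworkEvents\n| where RemoteUrl has_any ("
            + ", ".join(_kql_string(d) for d in domains)
            + ")\n| project Timestamp, DeviceName, RemoteUrl, RemoteIP, InitiatingProcessFileName"
        )
    return queries


if __name__ == "__main__":
    for table, query in build_mde_queries(SAMPLE_IOCS).items():
        print(f"-- {table}\n{query}\n")
```

Emitting one query per table, rather than a single `union` over both, keeps each query deployable on its own and lets the file-event and network-event results be triaged separately.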
Resolved an issue with the top navigation menu where the dropdown did not collapse after clicking on it.
