September 7, 2022
© 2022 SOC Prime Inc.
All rights reserved. This product and documentation related are protected by copyright and distributed under licenses restricting their use, copying, distribution, and decompilation. No part of this product or documentation related may be reproduced in any form or by any means without the prior written authorization of SOC Prime. While every precaution has been taken in the preparation of this book, SOC Prime assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.
New Content Availability Status
We've introduced a new content availability status relevant to the Community subscription plan. Now, when a Sigma rule is released, users with a Community plan can unlock it only after a three-day waiting period has passed. While it is unavailable, the Sigma rule has the status Wait to Unlock.
Environment Integrations
Improved Carbon Black Integration
To ensure the best results of hunting in Carbon Black, we've updated the link used for integration with this platform from:
to:
Instructions for Microsoft Sentinel Integration
We've updated the tooltip for the Microsoft Sentinel URL field and introduced a dedicated How to Get Credentials popup on the Hunt (Web Search) tab of the Microsoft Sentinel integration setup. This ensures that security professionals can easily add a web search integration with their environment.
GitHub Integration
Continuing our beta of GitHub integration, we've introduced multiple improvements:
Implemented a check of whether the repository that content is pushed to is public or private. The integration is supported only for private repositories, so if the user tries to interact with a public one, an error message is shown.
Made sure the rule's formatting is kept when updating the rule from the Inventory page.
Resolved an issue where a rule could be updated only once. An attempt to update it for the second time resulted in an error message.
Resolved an issue where after pushing a content item from its page, the content format was different on the Inventory page and in the GitHub repository. This issue appeared for the following content types: Chronicle Security Rule, Sumo Logic Query, and Microsoft Sentinel Query.
Fixed a bug where, after clicking Clear Deleted Items on the Inventory page, the modal contained no content even though some items had been deleted in the repository.
Navigation Element Descriptions
We've updated the descriptions and design of some navigation elements to make them more concise and meaningful.
Uncoder.IO Redesign
We've redesigned Uncoder.IO to streamline the user experience and refresh the UI. Now, the process of having a Sigma rule automatically translated into various native SIEM, EDR, and XDR formats has become even more intuitive.
Cyber Library
We've updated articles in Cyber Library to keep the information and UI references relevant.
Platform Guides Update
We've updated our Platform Guides to bring them up to date with the new functionality. Additionally, we've redesigned the API Guide to make it more user-friendly.
Key Bug Fixes & Improvements
With this release, we’ve made the following key bug fixes and improvements to enhance the user experience with the SOC Prime Platform:
Improved the logic of combining Filters applied as part of Presets. Now, if there are multiple Filters in a Preset:
Filters are combined with an OR operator
Each Filter is put in parentheses
All Filters combined with OR are put in parentheses
The parentheses keep an AND inside one Filter from binding to the OR that joins the Filters, and keep the whole Filter group separate from the rule's own query. So, if a Preset contains two Filters, dst_ip = "1.1.1.1" and dst_user = "john" AND src_user = "mary", the query after applying the Filters looks like this:
((dst_ip = "1.1.1.1") OR (dst_user = "john" AND src_user = "mary")) AND RULE_QUERY
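The following is an added illustration of the grouping rule above; it is not code from SOC Prime or from the Platform. It builds the parenthesised query the way the release notes describe, builds the flat join it replaces for comparison, and runs both against a constructed event with a minimal evaluator for an assumed query subset (field = "value", AND, OR, parentheses, with AND binding tighter than OR). The grammar, the event fields, and the rule query event_type = "logon" standing in for RULE_QUERY are assumptions for the example, not the Platform's actual query language or parser.

```python
import re

# Constructed sample (not from SOC Prime): two Preset Filters and a rule query,
# the rule query standing in for RULE_QUERY in the release notes.
PRESET_FILTERS = [
    'dst_ip = "1.1.1.1"',
    'dst_user = "john" AND src_user = "mary"',
]
RULE_QUERY = 'event_type = "logon"'


def compose_preset_query(filters, rule_query):
    """Each Filter in parentheses, Filters joined by OR, the OR group in
    parentheses, then AND with the rule. An empty Preset leaves the rule as is."""
    if not filters:
        return rule_query
    or_group = " OR ".join(f"({f})" for f in filters)
    return f"({or_group}) AND {rule_query}"


def compose_naive(filters, rule_query):
    """Flat join without grouping, for comparison: because AND binds tighter
    than OR, the rule query silently attaches to the last Filter only."""
    return " OR ".join(filters) + " AND " + rule_query


# Minimal evaluator for an assumed query subset: field = "value", AND, OR,
# parentheses, AND binding tighter than OR. Not SOC Prime's parser.
TOKEN_RE = re.compile(
    r'\s*(?:(\()|(\))|(AND)\b|(OR)\b|(=)|"([^"]*)"|([A-Za-z_][A-Za-z0-9_.]*))'
)
KINDS = ("LPAREN", "RPAREN", "AND", "OR", "EQ", "STRING", "IDENT")


def tokenize(query):
    tokens, pos, query = [], 0, query.strip()
    while pos < len(query):
        m = TOKEN_RE.match(query, pos)
        if not m:
            raise ValueError(f"unexpected input at offset {pos}")
        pos, idx = m.end(), m.lastindex  # lastindex = the alternative that matched
        tokens.append((KINDS[idx - 1], m.group(idx)))
    return tokens


class Parser:
    """expr := term (OR term)* ; term := factor (AND factor)* ;
    factor := '(' expr ')' | IDENT '=' STRING"""

    def __init__(self, tokens):
        self.tokens, self.i = tokens, 0

    def peek(self):
        return self.tokens[self.i][0] if self.i < len(self.tokens) else "EOF"

    def take(self, kind):
        if self.peek() != kind:
            raise ValueError(f"expected {kind}, got {self.peek()}")
        self.i += 1
        return self.tokens[self.i - 1][1]

    def parse(self):
        node = self.expr()
        if self.peek() != "EOF":
            raise ValueError("trailing tokens")
        return node

    def expr(self):
        node = self.term()
        while self.peek() == "OR":
            self.take("OR")
            node = ("or", node, self.term())
        return node

    def term(self):
        node = self.factor()
        while self.peek() == "AND":
            self.take("AND")
            node = ("and", node, self.factor())
        return node

    def factor(self):
        if self.peek() == "LPAREN":
            self.take("LPAREN")
            node = self.expr()
            self.take("RPAREN")
            return node
        field = self.take("IDENT")
        self.take("EQ")
        return ("eq", field, self.take("STRING"))


def evaluate(node, event):
    if node[0] == "eq":
        return event.get(node[1]) == node[2]
    left, right = evaluate(node[1], event), evaluate(node[2], event)
    return (left and right) if node[0] == "and" else (left or right)


def matches(query, event):
    """True when the event satisfies the query."""
    return evaluate(Parser(tokenize(query)).parse(), event)


if __name__ == "__main__":
    # Constructed event: satisfies the first Filter but is not a logon event.
    stray = {"dst_ip": "1.1.1.1", "event_type": "process_create"}
    print(compose_preset_query(PRESET_FILTERS, RULE_QUERY))
    print("naive:", matches(compose_naive(PRESET_FILTERS, RULE_QUERY), stray))
    print("grouped:", matches(compose_preset_query(PRESET_FILTERS, RULE_QUERY), stray))
```

Run stand-alone, the block prints the grouped query and then shows that the flat join matches the constructed non-logon event (the rule query only constrains the last Filter), while the grouped form correctly rejects it. That mismatch is the practical reason every Filter and the whole OR group are wrapped in parentheses before the AND with the rule query.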
Returned the Search Profile dropdown to Advanced Search and the How to Get Credentials popup to the CCM (API Deploy) environment setup. These elements had disappeared after the previous release.
Fixed a bug where a grayed-out Verified status appeared for Content Packs when a tab with R&D state was selected. Now, the Not Verified status is displayed.
Fixed a bug on the Leaderboards page where in some cases the name of an author didn't appear on the Top Authors chart.
Fixed a bug where in some cases after editing the rule's code the Copy to Clipboard button did not work.
Added the Filters tab that was missing on the Continuous Content Management page for users not linked to a company.
Fixed a bug where some users could not see statistics of other users' hunting results in Quick Hunt.
Added a modal that is shown to newly registered users who click the Hunt button in Quick Hunt while they are still under verification and not yet linked to their company. Under these circumstances, the user has no access to integrations, so hunting is not available.
Fixed a layout bug that resulted in elements overlapping on the Upgrade page after minimizing the browser window.
Resolved an issue where in some cases the user could not enable two-factor authentication (2FA) on the SOC Prime Platform: after entering the code from the authenticator app and clicking the Enable button, an error occurred.
Fixed a bug in the Create Search Profile modal where some items of the dropdowns could have no text.
