
SOC Prime Platform Product Release Notes 5.4.2

Written by Sergey Bayrachny

November 2, 2022

© 2022 SOC Prime Inc.

All rights reserved. This product and documentation related are protected by copyright and distributed under licenses restricting their use, copying, distribution, and decompilation. No part of this product or documentation related may be reproduced in any form or by any means without the prior written authorization of SOC Prime. While every precaution has been taken in the preparation of this book, SOC Prime assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.

Content Availability Update for Community Plan


We've updated content availability rules for organizations under the Community plan:

  • The Premium Sigma rule balance, which was previously tracked per user, is now shared across the team.

  • The number of Premium Sigma rules an organization can unlock for free is now limited to 2 per month.

Onboarding Wizard Improvements


We've introduced significant improvements into the onboarding process:

  • Merged Platform URL and Integration steps to improve the flow. Now, you can set up both Hunt and CCM (API) integrations with your environment during a single step.

  • Updated the Lookup via API option of the Log Sources step. In particular, we've solved the issue where Kibana and Elasticsearch credentials were mixed up for the Elastic platform.

More Contact Options


We've added more communication options so you can contact our experts and sales in a convenient way.

  • Schedule a call: Book a meeting with us via Calendly at a time that works for you.

  • Chat Us: Message us in the live chat directly on the current page.

  • Email us: Write us an email directly on the current page.

Uncoder CTI


We've reinstated limits on the free version of Uncoder CTI available under the Community and On Demand plans:

  • 500 IOCs per user per day

  • 10 queries per user per day

Organizations with an On Demand plan will be able to remove the limits by ordering the unlimited Uncoder CTI as an add-on to their subscription.

The limits do not apply to existing On Demand and Enterprise users; they apply only to new subscriptions.

Additionally, we've updated UI texts at cti.uncoder.io, the version of Uncoder available without registration, to highlight that signing up at the SOC Prime Platform significantly increases the number of available IOCs and generated queries.

Environment Selection for Splunk


We've added the ability to select an environment when running a search in Splunk from the rule's page.

New API Parameter


We've added a tags_rule_type parameter to the /v1/search-sigmas API endpoint. It is a string that indicates the type of the Sigma rule and has two possible values:

  • query — intended for threat hunting (may generate a considerable rate of false positives and require fine-tuning according to your environment)

  • alert — intended for real-time detection (rarely generates false positives)

You can also filter by the tags.rule_type field in the client_query_string parameter of the same endpoint, which accepts a Lucene-based query.
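The following helper, added here as an illustration and not SOC Prime's own client code, builds a request for the endpoint described above using either the new tags_rule_type parameter or an equivalent tags.rule_type clause in client_query_string. Only the endpoint path, the parameter names, the two rule-type values and the Lucene field name come from the release notes; the request layout, the base URL and the escaping of a free-text term appended to the Lucene query are assumptions.

```python
"""Request builder for /v1/search-sigmas (added example, not SOC Prime's code).

Assumptions: the endpoint accepts the parameters as URL query parameters,
and client_query_string is a plain Lucene query string. Only the path,
tags_rule_type, its values "query"/"alert" and the tags.rule_type field
are taken from the release notes."""
from urllib.parse import urlencode

ENDPOINT = "/v1/search-sigmas"
RULE_TYPES = {"query", "alert"}  # the two documented tags_rule_type values

# Characters with special meaning in Lucene query syntax. A free-text term
# supplied by a user is escaped so it cannot change the structure of the
# query (e.g. by injecting an OR clause or a wildcard).
_LUCENE_SPECIAL = set('+-=&|><!(){}[]^"~*?:\\/')


def lucene_escape(term: str) -> str:
    """Backslash-escape every Lucene special character in term."""
    return "".join("\\" + ch if ch in _LUCENE_SPECIAL else ch for ch in term)


def lucene_term(term: str) -> str:
    """Escape a term; wrap it in quotes when it contains whitespace."""
    escaped = lucene_escape(term)
    return f'"{escaped}"' if any(ch.isspace() for ch in escaped) else escaped


def build_search(rule_type: str, free_text: str = "",
                 use_client_query: bool = False) -> tuple:
    """Return (path, params) for a search restricted to one Sigma rule type.

    use_client_query=False passes the restriction as tags_rule_type;
    use_client_query=True expresses it as a tags.rule_type clause in
    client_query_string, AND-ed with the escaped free-text term if given.
    """
    if rule_type not in RULE_TYPES:
        raise ValueError(f"rule_type must be one of {sorted(RULE_TYPES)}")
    params = {}
    if use_client_query:
        clauses = [f"tags.rule_type:{rule_type}"]
        if free_text:
            clauses.append(lucene_term(free_text))
        params["client_query_string"] = " AND ".join(clauses)
    else:
        params["tags_rule_type"] = rule_type
    return ENDPOINT, params


def to_url(base_url: str, path: str, params: dict) -> str:
    """Join an assumed base URL with the path and URL-encoded parameters."""
    return f"{base_url.rstrip('/')}{path}?{urlencode(params)}"
```

Authentication headers and the response format are not described in the release notes, so the helper stops at building the request.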

Content Availability Filter


In Advanced Search, we've made the process of applying options in the Content Availability filter consistent with all other filters. Now, you can first select multiple options and then apply them at once.

Product Tours


To help new users under a Community subscription quickly understand the basics of the SOC Prime Platform, we've added product tours to the Advanced Search and MITRE ATT&CK® modules. Users can take the tour when they first open the module or postpone it until later.

UI Improvements at socprime.com


Add-ons and Professional Services


We've updated the Pricing page, adding more information about our offerings:

  • #sigma2savelives. A version of the On Demand plan where all the money you pay is donated to support Ukraine.

  • Add-ons. Learn more about the value brought by our add-on modules, Quick Hunt and Uncoder CTI.

  • Professional Services. Find out about additional services you can order to boost your subscription plan.

Charity Description


We've updated the charity description in the #sigma2savelives subscription plan.

Cookies Modal Size


We've added the Show More/Show Less option to the Accept Cookies modal in the mobile view to make the modal smaller.

Key Bug Fixes & Improvements


With this release, we’ve made the following key bug fixes and improvements to enhance the user experience with the SOC Prime Platform:

  • Fixed a bug where under certain conditions clicking the browser's Back button while on the Intelligence tab of a Sigma rule's page could redirect the user to the Code tab rather than back to Advanced Search.

  • Resolved an issue where, after drilling down to a rule, the Code tab opened automatically and a Premium Sigma rule was deducted from the balance if the user had previously opened that tab while the Premium Sigma rule balance was zero.

  • Fixed a bug where the selected Custom Field Mapping was not applied to a search in Splunk run from the rule's page.

  • Fixed a bug on the Cyber Threat Search Engine where the mouse cursor was not shown when the user typed a search query.
