November 16, 2022

© 2022 SOC Prime Inc.

All rights reserved. This product and documentation related are protected by copyright and distributed under licenses restricting their use, copying, distribution, and decompilation. No part of this product or documentation related may be reproduced in any form or by any means without the prior written authorization of SOC Prime. While every precaution has been taken in the preparation of this book, SOC Prime assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.

We've redesigned our Log In and Sign Up pages introducing support for logging in and signing up with a Google account.

Using a third-party account makes authorizing even more fast and convenient. OAuth 2.0 ensures security and data protection.

To log in to an existing SOC Prime Platform account, use your Google account associated with the same email.

To create a new SOC Prime Platform account, use your Google account associated with the email you want to use for your SOC Prime Platform account

Note that you can only use a work email.

We've introduced several improvements to the Sigma rule translations into the Elastic native formats:

We've made several improvements to the quality of translations into this platform formats:

We've removed redundant escape characters (\) and brackets around the query. For example:

LOGSOURCETYPENAME(devicetype)=\'Microsoft Windows Security Event Log\' → LOGSOURCETYPENAME(devicetype)='Microsoft Windows Security Event Log'

We've improved the syntax of translations into this platform's formats by adding the equal sign between fields and their respective values in the detection. For example:

LoginType "INTERACTIVE" AND TgtProcCmdLine "abc" → LoginType = "INTERACTIVE" AND TgtProcCmdLine = "abc"

To improve the quality of translation into the ArcSight Rule and Query formats, we’ve enhanced the conversion logic for the endswith, startswith, and contains modifiers removing the unnecessary * symbol. For example:

destinationUserId ENDSWITH "*-500" → destinationUserId ENDSWITH "-500"

We've removed the self-serve capability for MDRs/MSSPs to upgrade to an On Demand plan. Now, MDRs/MSSPs that wish to upgrade can contact our sales and change their subscription plan in a more personalized way.

However, we've kept the self-serve upgrade capability for #sigma2savelives. This ensures that every organization can donate via SOC Prime to support Ukraine.

We've added a Log Sources column on the page that lists Custom Field Mapping profiles to help users easily pick up the right profile. If a log source name is too long, it is truncated and the user can see the full version in the tooltip that shows upon hovering.

We've updated the CCM API Integration Tool adding two parameters to the configuration file that allow users to configure a proxy for CCM API calls.

We've updated the messages that appear in Log Source Coverage and MITRE ATT&CK® Coverage when the selected Search Profile has no matching content. The messages include recommendations on possible actions the user can take to resolve the issue.

We've added the selected Search Profile name in the header of the Overview section in Log Source Coverage and MITRE ATT&CK Coverage. This ensures the user is always aware of the Profile applied to filter the data.

We've added new customer logos to the They Trust Us block shown on the SOC Prime Platform and on our website.

We've added more contact options in the Add-Ons modal on the Pricing page so you can contact our experts and sales in a convenient way.

Schedule a call: Book a meeting with us via Calendly at a time that works for you.

Chat Us: Message us in the live chat directly on the current page.

Email us: Write us an email directly on the current page.

We've updated the fill and border colors of some buttons, changing the legacy red to the shade of green currently used throughout the Platform. This ensures design consistency and creates a better user experience.

We've updated the messages that appear when a Premium Sigma rule is not available to the user because the balance is empty or the rule has the Wait to Unlock status. For example:

We've updated the tooltip that appears for the Premium Sigma balance under the Community subscription plan.

We've updated the Upgrade page introducing several minor improvements:

We've removed the MDR/MSSP toggle from the On Demand block since the self-serve purchase of this plan is no longer available for MDRs and MSSPs.

We've fixed the position of the Need Help? block so that it always stays visible. This ensures the user is aware they can ask our expert a question or reach out for help.

To improve user experience and make the design of a rule's page more balanced, we've decreased the font size used to display the Sigma rule title on mobile devices.

We've improved our Platform Guides structure and updated them in accordance with the new functionality of the SOC Prime Platform.

We've created a Help Center article that contains all the basic information a user under the Community plan needs to get immediate value from the SOC Prime Platform.

Now, instead of looking for detailed information in separate Platform Guides, you can find everything you need in one place.

With this release, we’ve made the following key bug fixes and improvements to enhance the user experience with the SOC Prime Platform: