
SOC Prime Platform Product Release Notes 5.4.6

Written by Sergey Bayrachny

December 28, 2022

© 2022 SOC Prime Inc.

All rights reserved. This product and documentation related are protected by copyright and distributed under licenses restricting their use, copying, distribution, and decompilation. No part of this product or documentation related may be reproduced in any form or by any means without the prior written authorization of SOC Prime. While every precaution has been taken in the preparation of this book, SOC Prime assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.

More Content for Devo


As part of our constant effort to update and enhance the capabilities of our Sigma converters, we've improved the Devo backend by adding support for the contains, startswith, and endswith modifiers. This expands the range of Sigma rules that can be automatically translated into this platform's format.

Improved Authentication with Google


We've improved the authentication flow when using a Google account. Now, if the user tries to sign up or log in with a personal Google account, they are redirected to the signup/login page with a corresponding validation error message.

Updates in Environments


GitHub Settings


We've updated the settings to configure a GitHub integration environment, making the New Branch field not required. If the user leaves the field empty, changes are committed directly to the source branch.

Instructions for Microsoft Sentinel


We've updated the How to Get Credentials modal for the Microsoft Sentinel CCM (API Deploy) environment configuration. The new step-by-step instructions show the relevant flow to get all required credentials and provide the correct permission.

Contact Options Wording


We've updated the names of options to contact us, improving the usability of the menu and making the choice between communication channels simpler.

Cyber Threat Search Engine


Timeline Filter


To improve usability, we've added a new Timeline filter. It enables you to filter the search results by stages present in their context timeline.

The filter has the following options:

  • Media

  • Exploit

  • Threatintel

  • Mitigation

  • CVE

So, for example, if you select the Exploit option, you'll see all Sigma rules from the current search results that are mapped to a known exploit.

Timeline Stages


In the Timeline, we've renamed the Detection stage to Sigma rule. This highlights that the detection algorithm was initially released in the platform-agnostic Sigma language.

Review


At socprime.com, we've placed the most recent review of SOC Prime from Gartner Peer Insights™.

Password Length


To ensure the security of user accounts on the SOC Prime Platform and Threat Bounty Portal, we've increased the minimum password length to 8 characters. The new limit will apply to passwords for new accounts and updated passwords.

ATT&CK® Navigator Export


In MITRE ATT&CK® Coverage, we've updated the version of the MITRE ATT&CK framework used for ATT&CK Navigator layer export to 12.1.

Platform Guides


We've updated our Platform Guides in accordance with the new functionality of the SOC Prime Platform.

Key Bug Fixes & Improvements


With this release, we’ve made the following key bug fixes and improvements to enhance the user experience with the SOC Prime Platform:

  • Resolved an issue with automatic deployment of Microsoft Sentinel Rules via Continuous Content Management where Rules updated on the SOC Prime Platform were duplicated in the user's SIEM instead of being updated.

  • Updated the way we show that translation into a particular platform or format is currently not supported. Now, the unsupported platform and format names on the Code tab are grayed out, and when the user hovers over such an item, a tooltip explains why it is not supported.

  • Resolved issues with applying configurations from the Values tab in a Custom Field Mapping profile.

  • Fixed a bug in Environments where in some cases the Microsoft Sentinel URL was not updated after editing.

  • Resolved an issue where some long Sigma rule translations were truncated on the Code tab.

  • Fixed minor UI issues on the Content Lists page in Continuous Content Management:

    • Restored alignment of the Environment and Jobs column headers.

    • Updated the font used in the Jobs column to make it consistent with other columns.

  • Fixed a URL parsing issue in Uncoder CTI and CTI.Uncoder.IO. Previously, in some cases the text directly following a URL could be recognized as part of the URL.

  • Made the Company tab in the Environments module display only the environments shared with the current user rather than all the environments created by their team.

  • Fixed a bug where after the user opened a translation of a Sigma rule on the Code tab, in some cases part of the code was carried over to the next line for a short time.

  • Fixed a layout bug in Content List creation and editing modals where validation error messages could overlap other elements.

  • Fixed a bug in Presets where a space was added after the value of the Rule Name Starts With field and before the value of the Rule Name Ends With field when the Preset was applied.

  • Added the Job name to the confirmation modal displayed when the user is about to delete a Job.
