February 8, 2023
© 2023 SOC Prime Inc.
All rights reserved. This product and documentation related are protected by copyright and distributed under licenses restricting their use, copying, distribution, and decompilation. No part of this product or documentation related may be reproduced in any form or by any means without the prior written authorization of SOC Prime. While every precaution has been taken in the preparation of this book, SOC Prime assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.
Content Quality Improvements
We've introduced multiple improvements in translations of Sigma rules into the following platform formats.
Carbon Black
Ensured that Sigma rule fields that should not be rendered in the Carbon Black translations are always excluded.
Removed redundant quotes around values of the fields with modifiers and regexes.
SentinelOne
Replaced comma with OR operator as an item separator when converting field values with lists within a Sigma rule's detection component.
Removed redundant = characters from the translation syntax.
Ensured correct operator usage when converting the startswith Sigma modifier.
Removed redundant parentheses.
Added quotes around string values.
Sumo Logic
Replaced comma with OR operator as an item separator when converting field values with lists within a Sigma rule's detection component.
Removed redundant quotes around field values that previously were used in some cases.
Splunk
Enhanced the Splunk backend to increase the number of alternative Sigma rule translations for the datamodel config.
Home Page
Industry Selection
Since most insights and recommendations on the Home page depend on the industry, it's essential to have the correct industry configured for your company.
We've added functionality to help you easily set or update your industry right from the Home page.
If your industry is not set yet, click on "here" in the welcoming message.
A modal appears where you can select your industry from the dropdown.
The changes are applied at once.
If you think that the industry currently set for your company is wrong, you can request to change it in the upper right corner.
After you select a new industry:
If you have a Manager role, the selected industry will be applied to your company configuration at once.
If you don't have a Manager role, the selected industry has to be approved by your Manager.
If your company's team does not include a Manager role, our admins will review the requested change.
Users with a Manager role can also update their company's industry in the Account settings.
Users without a Manager role cannot edit this setting anymore.
Recommendations by Threat Actors
We've improved our databases of Threat Actors targeting specific countries and industries to make the content recommended by Threat Actors even more relevant.
Note that to see personalized content suggestions on this tab, you need to have both the country and industry of your company configured.
Moving Community to Discord
We've started moving our community from Slack to Discord. Accordingly, we've replaced all related links on the SOC Prime Platform. Now, they lead to our Discord server.
We've made related updates to the accompanying texts as well.
Signup with Third-Party Services
To ensure that the name field input is valid when a user signs up through a third-party service, we've added a check that it contains only Latin characters.
Updates at socprime.com
We've updated the tooltip shown upon hovering over an item on the Binaries tab in the Sigma rule metadata.
Help Center Articles
We've updated articles in the How to Deploy Content section of the Help Center to make them consistent with the new functionality of the SOC Prime Platform.
Key Bug Fixes & Improvements
With this release, we’ve made the following key bug fixes and improvements to enhance the user experience with the SOC Prime Platform:
Improved synchronization with GitHub repos to make sure no valid free Sigma rules are missing on the SOC Prime Platform.
