May 3, 2023
© 2023 SOC Prime Inc.
All rights reserved. This product and documentation related are protected by copyright and distributed under licenses restricting their use, copying, distribution, and decompilation. No part of this product or documentation related may be reproduced in any form or by any means without the prior written authorization of SOC Prime. While every precaution has been taken in the preparation of this book, SOC Prime assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.
Content Quality Improvement
With this release, we've enhanced the quality of Sigma rule translations into the following formats.
QRadar
We've improved the handling of single and double quotes inside Sigma rule values when translating into the QRadar query format, so that quoted values no longer break the resulting query.
Elastic Query
We've improved the parsing of fields with modifiers (for example, `field|contains`) in the detection component and their processing for translations with the default config. Values that contain non-alphanumeric characters are now escaped correctly, taking into account the type of the target field (for instance, a numeric field is not quoted the way a string field is) in the translation.
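The two points above (quote handling for QRadar, and type-aware escaping of modifier values for Elastic) come down to one translation step: the same Sigma value has to be escaped differently for each backend's query syntax. The following is an added illustration written for this page, not SOC Prime's translator or the Uncoder AI code; the field-type map, the supported modifiers and the sample selection are assumptions constructed for the example.

```python
"""Backend-aware quoting of Sigma detection values (added illustration)."""
from typing import Dict, List, Tuple

# Hypothetical field-type map standing in for a backend config; in practice this
# information comes from the target platform's schema or index mappings.
FIELD_TYPES: Dict[str, str] = {
    "CommandLine": "keyword",
    "Image": "keyword",
    "EventID": "integer",
}
_MODIFIERS = {"contains", "startswith", "endswith"}
# Characters the Elasticsearch query_string (Lucene) syntax treats specially.
_LUCENE_SPECIAL = set('+-=&|><!(){}[]^"~*?:\\/ ')


def parse_key(key: str) -> Tuple[str, List[str]]:
    """Split 'Field|mod1|mod2' into the field name and its modifiers."""
    field, *mods = key.split("|")
    unknown = set(mods) - _MODIFIERS
    if unknown:
        raise ValueError(f"unsupported modifier(s) {sorted(unknown)} on {field}")
    return field, mods


def to_lucene(value: str) -> str:
    """Escape a Sigma string for query_string while keeping Sigma wildcards.

    Sigma writes a literal *, ? or \\ as a backslash escape; those stay escaped.
    Bare * and ? are wildcards and pass through. Everything else Lucene would
    interpret, including double quotes and spaces, gets a backslash.
    """
    out, i = [], 0
    while i < len(value):
        c = value[i]
        if c == "\\" and i + 1 < len(value) and value[i + 1] in "*?\\":
            out.append("\\" + value[i + 1])   # Sigma-escaped literal stays literal
            i += 2
            continue
        if c in "*?":
            out.append(c)                     # Sigma wildcard -> Lucene wildcard
        elif c in _LUCENE_SPECIAL:
            out.append("\\" + c)
        else:
            out.append(c)
        i += 1
    return "".join(out)


def elastic_item(key: str, value) -> str:
    """One 'field|modifier: value' pair as an Elastic query_string clause."""
    field, mods = parse_key(key)
    if FIELD_TYPES.get(field) == "integer":
        return f"{field}:{int(value)}"        # numeric fields are never quoted/escaped
    v = to_lucene(str(value))
    if "contains" in mods:
        v = f"*{v}*"
    elif "startswith" in mods:
        v = f"{v}*"
    elif "endswith" in mods:
        v = f"*{v}"
    return f"{field}:{v}"


def aql_item(key: str, value) -> str:
    """One pair as a QRadar AQL clause: string literals are single-quoted, an
    embedded single quote is doubled, and a double quote needs no escaping."""
    field, mods = parse_key(key)
    if FIELD_TYPES.get(field) == "integer":
        return f"{field}={int(value)}"
    raw = str(value)
    v = raw.replace("'", "''")
    wild = "*" in raw or "?" in raw or bool(mods)
    v = v.replace("*", "%").replace("?", "_")  # LIKE wildcards (literal %/_ not handled here)
    if "contains" in mods:
        v = f"%{v}%"
    elif "startswith" in mods:
        v = f"{v}%"
    elif "endswith" in mods:
        v = f"%{v}"
    return f"{field} ILIKE '{v}'" if wild else f"{field}='{v}'"


def translate(selection: Dict[str, object], backend: str) -> str:
    """AND all pairs of a Sigma selection together for the chosen backend."""
    item = elastic_item if backend == "elastic" else aql_item
    return " AND ".join(item(k, v) for k, v in selection.items())


# Constructed selection mixing a number, a backslash, a leading dash and both quote types.
SELECTION = {
    "EventID": 4688,
    "Image|endswith": "\\powershell.exe",
    "CommandLine|contains": "-enc \"aGk=\" 'x'",
}

if __name__ == "__main__":
    print(translate(SELECTION, "elastic"))
    print(translate(SELECTION, "qradar"))
```

The point to check in any translator is the same one this example exercises: the double quote and the leading dash are harmless in AQL but must be backslash-escaped for query_string, the single quote is harmless in query_string but must be doubled for AQL, and the numeric field must come through unquoted in both.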
Environments Renaming
We've renamed Environments to Data Planes to highlight how they fit in the concept of Zero Trust Architecture.
Platform Settings Menu
We've moved Data Planes (ex-Environments), Custom Field Mapping, and Search Profiles to a new menu called Platform Settings. This is part of our effort to improve navigation and group all settings of the SOC Prime Platform in one place.
You can find Platform Settings under the Account icon.
After opening Platform Settings, you can navigate to the desired section on the left.
Temporarily, Data Planes (ex-Environments), Custom Field Mapping, and Search Profiles are still available via the Automate menu, just like before. However, their URLs have already changed, so if you've bookmarked them, please update your bookmarks.
In addition, to make the Account icon menu cleaner, we've combined all Account Settings into one menu item.
After clicking it, you can select the desired settings section on the left, just like before.
Page Redesign
We've redesigned the Data Planes (ex-Environments), Custom Field Mapping, and Search Profiles pages, making them more consistent and adding a search bar.
Also, we've revamped the context action menu:
Data Planes
Use icons on the right to check the connection to the integrated Data Plane, edit the integration settings, or delete it.
Uncoder AI
Autocomplete
We've improved the options suggested in autocomplete. Additionally, MITRE ATT&CK® tactics, techniques, sub-techniques, tools, and actors are now suggested only in the tags component of a Sigma rule.
IP Parsing
We've improved the parsing of IPs as IOCs. IPv4 addresses with any octet greater than 255 are no longer recognized as valid.
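The usual cause of that class of bug is a candidate regex such as `\d{1,3}(\.\d{1,3}){3}`, which is syntactically happy with `999.1.1.1`. The following is an added example written for this page (not Uncoder AI's parser) of extracting IPv4 IOCs from free text, validating each octet, and counting each address once; the sample report text is constructed, and the `only_global` option is an addition that goes beyond what the release note describes.

```python
"""IPv4 IOC extraction with octet validation (added illustration)."""
import ipaddress
import re
from typing import List

# Deliberately loose candidate pattern: 1-3 digits per octet, so it accepts
# 999.1.1.1. The lookarounds stop it from biting a piece out of a longer
# dotted number such as 1.2.3.4.5, while still allowing a trailing full stop.
_CANDIDATE = re.compile(r"(?<!\d)(?<!\d\.)(\d{1,3}(?:\.\d{1,3}){3})(?!\d)(?!\.\d)")


def is_valid_ipv4(candidate: str) -> bool:
    """True only if all four octets are decimal integers in 0..255."""
    octets = candidate.split(".")
    if len(octets) != 4:
        return False
    return all(o.isdigit() and int(o) <= 255 for o in octets)


def rejected_candidates(text: str) -> List[str]:
    """Regex matches that fail octet validation, for review or logging."""
    return [m.group(1) for m in _CANDIDATE.finditer(text)
            if not is_valid_ipv4(m.group(1))]


def extract_ipv4_iocs(text: str, only_global: bool = False) -> List[str]:
    """Validated IPv4 IOCs in order of first appearance, each counted once.

    only_global drops private, loopback, link-local and documentation ranges
    using the standard library's notion of a globally routable address.
    """
    seen, result = set(), []
    for m in _CANDIDATE.finditer(text):
        cand = m.group(1)
        if not is_valid_ipv4(cand):
            continue                       # e.g. 999.1.1.1 or 192.168.1.256
        if only_global and not ipaddress.ip_address(cand).is_global:
            continue
        if cand in seen:
            continue                       # repeated mention is still one IOC
        seen.add(cand)
        result.append(cand)
    return result


# Constructed sample report; 203.0.113.0/24 is a documentation range.
SAMPLE_REPORT = """\
Beacon to 203.0.113.7 and 203.0.113.7 again; sinkhole replied from 8.8.8.8.
Strings a loose regex accepts: 999.1.1.1 and 192.168.1.256 and 256.256.256.256.
Version string 1.2.3.4.5 should not match; internal host 10.0.0.1.
"""

if __name__ == "__main__":
    print("valid:", extract_ipv4_iocs(SAMPLE_REPORT))
    print("rejected:", rejected_candidates(SAMPLE_REPORT))
    print("global only:", extract_ipv4_iocs(SAMPLE_REPORT, only_global=True))
```

Validating after matching, rather than trying to encode `0..255` in the regex, keeps the pattern readable and makes the rejected candidates available for inspection, which is useful when a report turns out to contain defanged or deliberately malformed addresses.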
Deprecating Some Content Types
To better focus our efforts on the development and enhancement of Sigma rules, we've deprecated and removed some content types that were not relevant to most users.
The following types of content have been removed from the UI and are no longer accessible:
YARA Rules
Snort Rules
Red tests
Config
Data Enricher
Playbook
This means that as of now the following content types are available on the SOC Prime Platform:
Content Pack
Alert
Query
Premium App
Accordingly, we no longer accept deprecated types of content through the Threat Bounty Portal.
Uncoder CTI
We've updated the placeholder text in the input panel that informs the user that the SOC Prime Platform does not store their input.
Sigma Rules Bot for Threat Bounty
Tag Parsing
We've removed the functionality of parsing MITRE ATT&CK® tags from the Bot. Now, the parsing is done on the SOC Prime Platform side to centralize the process.
Slack Restriction on File Uploading
Some Sigma rules contain strings that Slack's file scanning treats as indicators of a virus or other malware, and Slack refuses to upload such files.
In this case, the Sigma rule is still submitted for review, but instead of attaching the file with the Sigma code that can't be uploaded, the Bot posts a message explaining why the file is missing.
Key Bug Fixes & Improvements
With this release, we’ve made the following key bug fixes and improvements to enhance the user experience with the SOC Prime Platform:
Fixed a bug in Detection Engineering where the functionality of selecting a sorting option or setting a filter in some cases did not work
Fixed a bug on the Dashboard page where drilling down to details in some cases did not work correctly
Made error messages in Uncoder AI more informative for reverse translations from Splunk to Carbon Black
Fixed a bug in Uncoder AI where the counter of the parsed IOCs in some cases could show a doubled number
