June 27, 2023
© 2023 SOC Prime Inc.
All rights reserved. This product and its related documentation are protected by copyright and distributed under licenses restricting their use, copying, distribution, and decompilation. No part of this product or its related documentation may be reproduced in any form or by any means without the prior written authorization of SOC Prime. While every precaution has been taken in the preparation of this book, SOC Prime assumes no responsibility for errors or omissions. This publication and the features described herein are subject to change without notice.
New Subscription Plans
We've updated some of our subscription plans and added new offerings. You can find more details on each current plan on the redesigned Pricing page.
Each product now has its own Community, OnDemand, and Enterprise plans presented on a separate tab on the Pricing page.
In particular, we've updated the terms of the Threat Detection Marketplace (TDM) OnDemand plan. It now gives access to detection content just 24 hours after its release, includes 200 Sigma rules of your choice, and offers unlimited TDM functionality.
Also, we are glad to announce a special version of TDM Enterprise named Threat Informed Defense. In addition to 100 rules of your choice, it includes 1,000 pre-selected rules to detect Bear, Panda, and Kitten families of threat actors.
As for Attack Detective, we've added an OnDemand plan that provides your organization with 12 investigations per month and much more content to use for scanning.
Note that old subscription plans that are not offered anymore remain valid until they expire.
Threat Detection Marketplace
Alternative Translations for QRadar
As part of continually expanding the range of supported detection content formats, we've added a new config for alternative translations into QRadar with data schema alias v7.4.3.
Connection Check
We've added a connection check feature to Microsoft Defender for Endpoint Data Planes. Click the Check Connection action button next to a Data Plane of this type to verify that the configured integration is working.
If your Data Plane is disconnected, you'll see an error message specifying whether the issue is with the credentials used or with missing required permissions.
History Export
In the History section of Automation, you can now export your history records. Click the export button, and a CSV with your history records will be saved.
Note that the scope of the exported data corresponds to the data currently visible on the selected page in the History section. This is intended to prevent the creation of extra-large export files.
Icons for Automation Sections
We've added icons next to the section names in Automation to improve the design and make section selection more intuitive.
Uncoder AI
Support for Splunk Alert Reverse Translations
We've added support for reverse translations from Splunk Alert into multiple platform-specific formats.
To see all available output formats, select Splunk Alert with default data schema as your input format and open the output format dropdown.
Sigma as a Reverse Translation Output
We've added Sigma as an output format option for all input formats with reverse translation supported.
Community Plan Capabilities
We've updated the number of parsed IOCs for queries available under a Community plan to 20.
Additionally, the limits on some Uncoder.IO features have also changed and are now as follows:
5 automatic Sigma rule checks with Green Warden
2 IOC-based query generations
10 parsed IOCs can be used for queries
Autocomplete
We've made the autocomplete window larger to ensure this feature is convenient for every security practitioner.
Company Website
Capitalization in Menu Items
We've made the subtitle capitalization approach consistent across all menu items.
Link for Feedback
On the Cyber Threat Search Engine page, we've added a link to our Discord channel where users can provide feedback on the detection content.
Leadership Page
We've updated the Investors/Advisors section on the Leadership page by adding a new advisor.
Uncoder.IO
We've made the limitation messages in popups more informative and added a button to sign up on the SOC Prime Platform and immediately use the free plan of Uncoder AI, which offers more capabilities.
Key Bug Fixes & Improvements
With this release, we've made the following key bug fixes and improvements to enhance the user experience with the SOC Prime Platform:
Fixed bugs in Uncoder AI:
Fixed a bug where the Uncoder AI title in some cases disappeared from the product selection menu in the header after it had been clicked
Removed IOCs as an output option for Sigma input since this combination is impossible
Fixed a bug where after unlocking a premium Sigma rule via Uncoder AI, the button that displays the rule's intelligence was inactive until the rule was reloaded
Removed the possibility to have Workbooks in the Inventory section of Automation since this content type is no longer supported
Updated the tooltip text for the dots that indicate whether techniques/sub-techniques in MITRE ATT&CK® Coverage or services in Log Source Coverage are addressed or not addressed. Previously, the tooltip repeated the corresponding technique/sub-technique or service name; now it states whether the item is addressed or not addressed
Resolved an issue with saving certain values in the Platform field of Search Profiles, which resulted in no content matching an affected Profile when it was applied in MITRE ATT&CK Coverage or Log Source Coverage
Fixed a bug on Leaderboards where an incorrect amount of content released in March 2022 was displayed
Resolved an issue where the Search Result statistics in some cases did not update after applying a Search Profile
Resolved an issue where, after opening the Contacts modal from the footer on the Search page and then closing it, the Filters block disappeared and the user was logged out if they refreshed the page
Fixed a bug where the top navigation menu item that corresponded to the current page was not highlighted on some pages
Fixed account menu overlapping on the Your Account page
Fixed an issue where the title of the Center of Excellence for Amazon Web Services page was not displayed in full in a preview on LinkedIn
Resolved an issue in the TDM search bar where, after removing the applied search term and clicking the search icon, the search results were not updated to show all TDM content
