SOC Prime Platform Product Release Notes 5.8.1

Written by Sergey Bayrachny

July 12, 2023

© 2023 SOC Prime Inc.

All rights reserved. This product and documentation related are protected by copyright and distributed under licenses restricting their use, copying, distribution, and decompilation. No part of this product or documentation related may be reproduced in any form or by any means without the prior written authorization of SOC Prime. While every precaution has been taken in the preparation of this book, SOC Prime assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.

Threat Detection Marketplace


Lists

We've updated the design of the Lists page, making it consistent with other newly redesigned pages. Additionally, we've removed the redundant navigation menu on the left that allowed going to pages in the Automation section.

Authors Filter

We've improved the Authors filter in Search. Now, each filtering option contains only one author name, and different options are combined with the AND operator. This update makes filtering by author much more flexible.

Uncoder AI


Auto-fix Issues with Sigma Rules

We've extended Green Warden with the capability to automatically fix basic issues with Sigma rule syntax.

After validating your rule, set the checkmarks next to the issues that can be fixed automatically and click the Fix button.

For now, the feature is able to automatically fix issues with detection modifiers and a common drive letter (such as C:\) in the selection.

Hotkey Improvements

We've improved the functionality of the hotkeys:

  • Search (option/alt + S): the search input is active right away after using the key combination

  • Content Platform 1 (option/alt + 1): numbers up to 9 can be used

Upgrade Button

Now, the Upgrade button opens the Uncoder AI tab on the Pricing page where you can find all the details on the available subscription plans.

Attack Detective


Audit Configuration

On the Blind Spots tab of Data Audit, we've added an Audit Configuration section that includes info on one or more of the following topics:

  • Event Volume

  • GPO Policy

  • Enable Commands

The section is shown when the Logsources view is selected.

Query Details

We've redesigned and expanded the sections of query details that include the underlying rule metadata and intelligence.

Now, in addition to the basic metadata, the details include the following sections:

  • Description

  • Hit Rate and Action Loop

  • Timeline

  • Attack Surface

  • False Positives

  • Triage Recommendations

  • MITRE ATT&CK® Coverage

  • Binaries

  • Techniques Simulations

False Positives and Triage Recommendations are augmented by ChatGPT.

Navigation Icons

To further improve navigation in Attack Detective, we've added icons that enable the user to go to key pages:

  • On Scan Overview: icons to go to Scan Details and Data Audit

  • On Scan Details: icons to go to Scan Overview and Data Audit

  • On Data Audit: icons to go to Scan Overview and Scan Details

Adaptive Layout

We've improved the adaptive layout of the Overview page to ensure a good user experience regardless of screen resolution.

Data Audit Page

We've simplified the page listing Data Audits by removing unnecessary Investigation details not directly related to Data Audit itself.

Investigation State Tooltips

We've added tooltips displayed upon hovering over the Investigation state icons on the Investigations page.

Company Website


We've updated the Pricing page on the company website, implementing the new design already used on the SOC Prime Platform's Pricing page.

Platform Guides


We've updated the Platform Guides according to the new functionality.

Key Bug Fixes & Improvements


With this release, we’ve made the following key bug fixes and improvements to enhance the user experience with the SOC Prime Platform:

  • Fixed a bug where the Check Connection feature did not work for Humio Data Planes

  • Fixed bugs in Uncoder AI:

    • Fixed a bug with styles in the input and output panels

    • Improved the autocomplete functionality in the tags component. Now, options are suggested regardless of indentation in the current row

  • Fixed bugs in Attack Detective:

    • Excluded the Reconnaissance and Resource Development tactics from the Blind Spots

    • Fixed a tooltip on the Overview page being overlapped by the header

    • Improved tooltip texts on the Overview page of Attack Detective

  • Fixed a bug where in Firefox the user couldn't type a value in the Default Field or Custom Field when creating a Custom Field Mapping Profile

  • Made it possible to save a Data Plane with a name that already exists for the company, if the existing Data Plane is not shared

  • Resolved an issue where after saving a Content List, a wrong rule count could be displayed

  • Fixed a bug with breadcrumbs layout on a rule's page in TDM

  • Updated tooltips in the OnDemand block on the Attack Detective tab of the Pricing page
