September 20, 2023
© 2023 SOC Prime Inc.
All rights reserved. This product and related documentation are protected by copyright and distributed under licenses restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without the prior written authorization of SOC Prime. While every precaution has been taken in the preparation of this book, SOC Prime assumes no responsibility for errors or omissions. This publication and the features described herein are subject to change without notice.
Threat Detection Marketplace
Content Quality Improvement
We've improved translations into the following formats:
Microsoft Sentinel and Microsoft Defender for Endpoint. If a field in the Sigma rule has a modifier like contains, endswith, or startswith, the value of the field in the translation is put into quotes.
Humio. We've restricted the use of the in operator so that it functions only as a filter.
LogPoint. We've resolved the issue for the webserver category where the c-uri field was absent from the translation.
Regex Support in CFM
We've added support for regexes on the Values tab of Custom Field Mapping. To help you get the hang of this functionality, we've included some tips right on the page.
Overage Protection
We've introduced an Overage Protection feature for the OnDemand and Enterprise clients. If your rule count is inadvertently reduced, whether due to incorrect usage or accidental deletion beyond your control, we will restore your balance with additional rule counts. This ensures continuous threat detection without disruptions, allowing you to carry out your security activities seamlessly.
Improved Check Connection
We've improved the Check Connection feature for the following Data Planes:
Microsoft Sentinel
Elastic Stack
Humio
Now, the feature returns a more detailed status of the connection:
Are the credentials valid
Do the credentials provide the required permissions
UI Copy Improvements
We've updated the UI copy throughout TDM:
Removed references to Uncoder CTI since this module has been deprecated
Updated Continuous Content Management and CCM with Automation to make the new naming consistent across the UI
Uncoder AI
IOC-based Queries
We've updated the template of IOC-based queries for Microsoft Sentinel and Microsoft Defender for Endpoint to keep it in line with the latest standards and best practices of the corresponding platforms. Now, the template has the following structure: search (@"value1" or @"valueN").
New Check in Green Warden
Now, Green Warden returns an error if the Sigma rule includes an invalid combination of detection field name modifiers like contains|endswith, contains|startswith, endswith|startswith, etc.
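To illustrate the check described above, here is an added Python example (not SOC Prime's or Green Warden's code) that scans the detection section of a Sigma rule and reports every field that combines more than one of the contains, endswith and startswith modifiers. The detection dictionary, selection names and field names in it are constructed for the example; a selection is assumed to be either a map of fields or a list of such maps, as in Sigma.

```python
from typing import Any, Dict, List

# Modifiers that decide where in the value a match may occur. They are
# mutually exclusive: a field cannot be matched both at its end and at its
# start, so contains|endswith, contains|startswith and endswith|startswith
# are invalid combinations (the cases named in the release notes).
MATCH_POSITION_MODIFIERS = {"contains", "endswith", "startswith"}


def split_field_key(key: str):
    """Split a Sigma detection key such as 'CommandLine|contains|all'
    into the field name and its list of modifiers."""
    field, *modifiers = key.split("|")
    return field, modifiers


def find_invalid_modifier_combinations(detection: Dict[str, Any]) -> List[str]:
    """Return one error string per field whose modifiers include more than
    one of the mutually exclusive match-position modifiers."""
    errors: List[str] = []
    for selection_name, selection in detection.items():
        # 'condition' is a string, keyword lists hold plain strings; only
        # field maps (or lists of field maps) carry modifiers.
        maps = selection if isinstance(selection, list) else [selection]
        for field_map in maps:
            if not isinstance(field_map, dict):
                continue
            for key in field_map:
                field, modifiers = split_field_key(key)
                clashing = [m for m in modifiers if m in MATCH_POSITION_MODIFIERS]
                if len(clashing) > 1:
                    errors.append(
                        f"{selection_name}.{field}: invalid modifier combination "
                        + "|".join(clashing)
                    )
    return errors


# Constructed sample detection section (not from the page). 'contains|all'
# is a valid combination; 'contains|endswith' is the kind Green Warden rejects.
SAMPLE_DETECTION = {
    "selection": {
        "Image|endswith": "\\powershell.exe",
        "CommandLine|contains|all": ["-enc", "bypass"],
    },
    "filter": [{"CommandLine|contains|endswith": ".ps1"}],
    "condition": "selection and not filter",
}

if __name__ == "__main__":
    for err in find_invalid_modifier_combinations(SAMPLE_DETECTION):
        print(err)
```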
Company Website
We've refreshed the Leadership page, updating the order in which the leadership team members are presented.
Key Bug Fixes & Improvements
With this release, we’ve made the following key bug fixes and improvements to enhance the user experience with the SOC Prime Platform:
Resolved issues with Elastic EQL translations:
Improved the query efficiency by moving the filter section to the end of the query
Removed redundant square brackets around values
Fixed cases where Lucene syntax was applied instead of EQL
Fixed bugs in Uncoder AI:
Fixed a bug where the parsed IOCs counter in some cases could show a wrong number when a large file with IOCs had been uploaded
Resolved an issue where translation between different formats of the same platform did not work:
Microsoft Sentinel: Query – Rule
Elastic Stack: Query – Detection Rule – Watcher – Saved Search
Humio: Query – Alert
AWS OpenSearch: Query – Alert
Splunk: Query – Alert
Fixed a bug with the IOC generation limitation, which for some time was applied incorrectly to users under the Community subscription
Fixed a bug where Sigma translation into LogPoint failed in some cases
Fixed the meta information and banner on uncoder.io so that they are displayed when a link to the page is sent on social media
Fixed a bug with Custom Field Mapping for Microsoft Sentinel where, after replacing the default table name with multiple custom values, a redundant pipe character (|) was added to the query, which made it inoperable
Improved text highlighting on the company website. Previously, the text was highlighted in red and, on large screens, the color spread into the empty space to the left and right of the text
Fixed a bug where in some cases a user under the Enterprise subscription could not apply a promo code
Fixed a bug in TDM where the QRadar config alias v7.4.3 failed to apply on the rule's page
Made the size of the fields on the Presets page consistent
Fixed scrolling issues during the loading of the TDM Search page
Updated the limitation message for Premium Apps to inform users that this content type is not available under any subscription and is to be bought separately
Fixed a bug with Amazon Athena Filters where Platform and Type were not displayed for the Filters created from the Filters page and the Platform value was incorrect for the Filters created from a rule's page
Fixed a bug in TDM's Search where pagination buttons did not work in some cases
Fixed links in the MITRE ATT&CK® details blocks on the Intelligence tab so that the search results displayed after following a link are filtered by the respective technique
Fixed a bug where content count in the Techniques Addressed dashboard in some cases did not match the amount of content displayed after drilling down to TDM's Search
Fixed a bug where scrolling of the Your Account menu could be jumpy
