October 18, 2023
© 2023 SOC Prime Inc.
All rights reserved. This product and its related documentation are protected by copyright and distributed under licenses restricting their use, copying, distribution, and decompilation. No part of this product or its related documentation may be reproduced in any form or by any means without the prior written authorization of SOC Prime. While every precaution has been taken in the preparation of this document, SOC Prime assumes no responsibility for errors or omissions. This publication and the features described herein are subject to change without notice.
Threat Detection Marketplace
Content Quality Improvements
We've improved the quality of translations into the following formats:
Microsoft Sentinel. We've improved the translations of the keyword and timeframe fields in Sigma rules.
Elastic Stack. Regex logic for case sensitivity is no longer applied to the translations of keyword-type fields in Sigma rules.
FireEye OpenIOC. We've improved the translations of logic in conditions that include the AND NOT operator.
My Repositories Page Improvement
Now, the Company tab on the My Repositories page shows all custom repositories created by the current user's company, even those that were created by the current user's teammates but were not shared.
The current user can see non-shared repositories created by the other users from their company, but these repositories are grayed out and cannot be edited or deleted.
A user with the Manager role can see all repository details, while regular users do not see the Description, Data Planes, and Created by fields of their company's non-shared repositories.
Select All for Bulk Actions
We've added the Select All option that sets all checkmarks for available content on the current search results page.
These checkmarks are used to select content for bulk actions such as Add to List and Fork to My Repo.
Free Access Label
We've updated the Git Free Access content availability status to Free Access. Now, content in this category is not limited to rules sourced from open-source GitHub repositories. For example, it also includes content authored together with Corelight.
This update is intended to make it easier to filter for all content readily available under any subscription.
Uncoder AI
Reverse Translations from Splunk Improved
We've improved reverse translations from Splunk into Sigma and supported platform-specific languages, such as Microsoft Sentinel.
Premium Becomes Solo
We've renamed the Premium plan to Solo. The new name better reflects the fact that this plan is intended for individual detection engineers and threat hunters rather than for organizations.
Improved Capabilities for Paid Plans
We've improved capabilities for the OnDemand and Solo (ex-Premium) plans:
Solo
100 → 500 Parsed IOCs for query generation
25 → 64+ (all available) Green Warden code checks for Sigma rules
OnDemand
50 → 64+ (all available) Green Warden code checks for Sigma rules
Platform Repositories Filter
In the search results, we've replaced the Authors filter with the Platform Repositories filter. The options stay the same, but the new naming reflects the repository concept implemented on TDM.
Attack Detective
Demo Investigation Improvements
Show Demo Scan Switch. We've added the Show Demo Scan switch to the Investigations page.
When it's enabled, the Demo Investigation is displayed in the Investigation list and can be accessed by users from the current company even if other finished Investigations exist.
More Blind Spots in Demo Investigation. We've added log sources other than Windows to the Blind Spots section of the Demo Investigation.
Support for additional log sources in regular Investigations will be added in one of the upcoming releases.
Videos that showcase the Hunt feature. We've added videos that walk through the hunting process in various security platforms so that users can get acquainted with the entire workflow.
Hunt Button
We've updated the look of the Hunt button to make the UI more consistent.
Company Website
We've added the latest SOC 2 Type II Independent Service Auditor's Report on this page.
Cyber Threat Search Engine
We've updated the ATT&CK® Navigator layer generated when exporting the search results to version 4.4.
Key Bug Fixes & Improvements
With this release, we’ve made the following key bug fixes and improvements to enhance the user experience with the SOC Prime Platform:
Removed Amazon Athena and Microsoft Defender for Endpoint from the list of available platforms in Inventory (the Automation module) since the Inventory feature for these platforms is not supported
Fixed bugs in Attack Detective:
Scan intensity settings were not applied to investigations in Amazon Athena and Sumo Logic Data Planes
Some queries were successfully launched directly in security platforms but failed during the scan
An error occurred when the user tried to open certain queries in Microsoft Defender for Endpoint
Check Connection feature did not work correctly on the Investigation setup page
Resolved an issue where in some cases the link to the Sigma rule published on TDM was included in the #threatintel section rather than the Detection section of the rule's timeline on the Intelligence tab
Fixed a bug in Uncoder AI where certain intelligence sections were not available under the Solo plan
Fixed bugs in Uncoder AI's IOC Field Mapping:
Updated the text that explains the need to install a connector app for on-prem Data Planes to be used for Attack Detective
Resolved issues with the Check Connection feature on the Data Planes page where the connection status details in the tooltip were not displayed or did not update automatically after a check
