
SOC Prime Platform Product Release Notes 5.9.7

Written by Sergey Bayrachny

December 14, 2023

© 2023 SOC Prime Inc.

All rights reserved. This product and documentation related are protected by copyright and distributed under licenses restricting their use, copying, distribution, and decompilation. No part of this product or documentation related may be reproduced in any form or by any means without the prior written authorization of SOC Prime. While every precaution has been taken in the preparation of this book, SOC Prime assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.

Threat Detection Marketplace


Naming Updates

To keep up with the current naming of security technologies and prevent ambiguity, we've updated the names of two security platforms:

  • CrowdStrike → Crowdstrike Endpoint Security

  • Humio → Falcon LogScale

Naming updates have been applied across all products of the SOC Prime Platform.

Translation Quality Improvement

We've improved field mapping and slash processing in Sigma rule translations into VMware Carbon Black EDR queries.

Sorting by Attributes

We've added the functionality of sorting lists by item attributes on multiple pages of the SOC Prime Platform:

  • Tenants

  • Data Planes

  • Integrations

  • My Repositories

  • Custom Field Mapping

  • Filters

  • Presets

  • Search Profiles

  • Lists

  • Jobs

Sorting is available by name, created date, and some other attributes. To apply sorting, click the up or down arrow in the header of the corresponding column.

Subscriptions Page

We've renamed the My Subscription page to Subscriptions and expanded its functionality.

Now, it displays your organization's subscription plan for each product on the SOC Prime Platform.

If you have a personal Solo subscription for Uncoder AI, you can also view and manage it here.

Accordingly, we've removed the box with TDM subscription information from the Account page to avoid redundancy.

Search Profile Copying

We've added the capability to copy Search Profiles. This way, you can take an existing Search Profile and use it as a basis for a new one.

How to use the new feature:

  1. Go to Search Profiles and click the Copy icon next to a profile you want to copy.

  2. The Create Search Profile modal opens, pre-filled with values from the original profile.

    1. Click Save Changes to create a new profile that is absolutely identical to the original one. "- Copy" will be appended to the profile name.

      OR

    2. Update field values and click Save Changes.

Navigation in MITRE ATT&CK® Coverage

Now, you can click the MITRE ATT&CK Coverage title to get back to the overview after drilling down to a specific tactic.

Uncoder AI


New Data Schemas for Falcon LogScale

We've expanded the list of available data schemas for Falcon LogScale Alert and Query. Now it includes:

  • Default

  • CIM

  • CrowdStrike

  • OCSF

  • Winlogbeat

  • Zeek

More Information for Private Email Users

Now, when users who registered with a private email address navigate to Threat Detection Marketplace or Attack Detective from Uncoder AI, they land on a dedicated page that explains the key benefits and capabilities of the corresponding product. Right from this page, the user can change their email address to get access to all SOC Prime Platform products.

Previously, when such a user clicked on Threat Detection Marketplace or Attack Detective in the header, a tooltip was displayed that encouraged them to change their email.

Uncoder IO


We've made improvements and fixed bugs in Uncoder IO. You can find more details about the latest releases of this project on GitHub.

The Prime Hunt


We've expanded the integration with OpenCTI. Now, you can send the selected result to OpenCTI as an IOC.

Key Bug Fixes & Improvements


With this release, we’ve made the following key bug fixes and improvements to enhance the user experience with the SOC Prime Platform:

  • Fixed a bug with automated deployment of a rule from a custom repo where the Job failed and stopped if the rule's JSON was invalid. Now, a Job skips such rules and logs the respective error in History.

  • Added VMware Horizon and NSX as log source products on the SOC Prime Platform.

  • Fixed a check connection issue for Elastic Stack Data Planes with a specific Space configured.

  • Fixed a bug in Attack Detective where the Elastic Data Plane connection check could fail if Attack Detective was granted access to only a limited number of indexes.

  • Fixed a bug in Uncoder AI where a Sigma rule with level: informational failed to translate into Splunk Alert and Chronicle Security Rule.

  • Resolved an issue with Job logs where, after clicking Debug Logs for a Job with multiple Data Planes, the user could view logs of deployment into non-shared Data Planes. Now, the user can view only those logs that are related to their own Data Planes or to shared Data Planes.

  • Fixed an Inventory layout bug in Safari where empty space was added next to the checkboxes.

  • Fixed a bug with Automation Jobs where a Job linked to multiple Lists failed with an error if one of the Lists was deleted.

  • Resolved an issue in Uncoder AI that could cause reverse translations from CrowdStrike to fail.

  • Made the Uncoder AI message about the subscription-plan limitation on reverse translation availability more user-friendly.

  • Fixed a bug in Dynamic Lists where filtering by a specific Platform Repo was not applied.

  • Resolved an issue in Uncoder AI where it was impossible to save a Sigma rule with an empty falsepositives or references field to a custom repo.

  • Fixed a bug in Green Warden where sub-technique ID T1021.008 (Remote Services: Direct Cloud VM Connections) was not recognized as a valid tag.
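The first, fifth and twelfth items above describe the same robustness pattern from the deployment side: a batch job should validate each rule on its own, skip the ones that fail to parse, record the reason, and keep going, while not rejecting legitimate values such as level: informational or an empty falsepositives or references list. The following Python example is added here to illustrate that pattern; it is not SOC Prime's code, the field names, the allowed level values and the sample rule payloads are constructed assumptions, and "history" is a plain list standing in for the Job History on the platform.

```python
import json
import logging
from typing import Any

# Constructed sample rule payloads (not SOC Prime data). One is valid,
# one is malformed JSON, one has empty optional fields, one lacks a title.
SAMPLE_RULES = [
    '{"title": "Suspicious PowerShell", "level": "high", '
    '"references": ["https://example.invalid/1"], "falsepositives": ["Admin scripts"]}',
    '{"title": "Broken rule", "level": "medium",',   # truncated -> invalid JSON
    '{"title": "Quiet rule", "level": "informational", "references": [], "falsepositives": []}',
    '{"level": "low"}',                               # missing required title
]

# Assumed minimal schema; the real platform schema is not shown on the page.
REQUIRED_FIELDS = ("title", "level")
ALLOWED_LEVELS = {"informational", "low", "medium", "high", "critical"}


def parse_rule(raw: str) -> dict[str, Any]:
    """Parse one rule and enforce the minimal schema.

    Raises ValueError for malformed JSON or schema violations. Empty
    'references' / 'falsepositives' lists are accepted: they are optional
    metadata, not grounds for rejection.
    """
    try:
        rule = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise ValueError(f"invalid JSON: {exc.msg} at char {exc.pos}") from exc
    if not isinstance(rule, dict):
        raise ValueError("rule must be a JSON object")
    missing = [f for f in REQUIRED_FIELDS if f not in rule]
    if missing:
        raise ValueError(f"missing required field(s): {', '.join(missing)}")
    if rule["level"] not in ALLOWED_LEVELS:
        raise ValueError(f"unknown level: {rule['level']!r}")
    for optional in ("references", "falsepositives"):
        if optional in rule and not isinstance(rule[optional], list):
            raise ValueError(f"{optional} must be a list")
    return rule


def run_deployment_job(raw_rules: list[str]) -> tuple[list[str], list[dict[str, Any]]]:
    """Deploy every parseable rule; skip bad ones and record why.

    Returns (deployed_titles, history). The job never aborts on a single
    bad rule, so one malformed payload cannot block the rest of the batch.
    """
    deployed: list[str] = []
    history: list[dict[str, Any]] = []
    for index, raw in enumerate(raw_rules):
        try:
            rule = parse_rule(raw)
        except ValueError as exc:
            # Record the failure and move on instead of stopping the job.
            history.append({"rule_index": index, "status": "skipped", "error": str(exc)})
            logging.warning("rule %d skipped: %s", index, exc)
            continue
        deployed.append(rule["title"])
        history.append({"rule_index": index, "status": "deployed", "title": rule["title"]})
    return deployed, history


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    titles, log = run_deployment_job(SAMPLE_RULES)
    print("deployed:", titles)
    for entry in log:
        print(entry)
```

Running the block deploys the two well-formed rules (including the one with level: informational and empty optional lists) and records two skipped entries, one for the truncated JSON and one for the missing title, so an operator reviewing the history can see exactly which inputs need fixing without the whole batch having failed.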
