January 24, 2024
© 2024 SOC Prime Inc.
All rights reserved. This product and documentation related are protected by copyright and distributed under licenses restricting their use, copying, distribution, and decompilation. No part of this product or documentation related may be reproduced in any form or by any means without the prior written authorization of SOC Prime. While every precaution has been taken in the preparation of this book, SOC Prime assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.
Threat Detection Marketplace
Deploying Elastic Detection Rules (EQL)
We've added support for deploying Elastic Detection Rules (EQL) using the existing Elastic Stack Data Planes.
Once deployed, you can find these rules in Inventory.
Additionally, we've updated two fields in all Elastic Detection Rules (EQL) translations:
"language": "eql"
"type": "eql"
List Details Redesigned
We've updated the design of the List details page, making it more consistent with other pages of the Threat Detection Marketplace (TDM).
All details available on the page remain the same, but List settings are now collapsed by default. To expand them, click Show List Settings.
No Search Results Message
We've updated the message displayed when there are no search results by adding more suggestions on what can be done.
Log Source Products Updated
We've updated the mappings of log source products to rules in Threat Detection Marketplace. What this means for users:
More rules can be found using the Log Source Product filter on the Search page
Default Custom Field Mapping profiles are applied to more rules, since a profile applies to every rule mapped to a matching log source product
Uncoder AI
API Improvements
We've improved the stability of the Uncoder AI API and added the dst_alt_translation parameter to the POST /v1/uncoder/translate-sigma endpoint. This parameter defines the alternative data schema of the output platform format.
Improved LogRhythm Support
Sigma rule translations into LogRhythm now support modifiers contains, endswith, and startswith.
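The three modifiers named above change how a Sigma value is matched against a field (anywhere in the string, at its start, or at its end) rather than by exact equality. The following is an added example, not SOC Prime or Uncoder AI code: a minimal evaluator that applies Sigma's modifier semantics (case-insensitive comparison, list values as OR, map keys as AND) to constructed process-creation events, so you can see which events a selection using these modifiers would match before looking at any backend's translation. The rule and the events are constructed for this example.

```python
"""Minimal evaluator for the Sigma modifiers contains, startswith and endswith.

Added illustration, not SOC Prime or Uncoder AI code. It mimics the
semantics Sigma assigns to these modifiers (case-insensitive matching,
anchored at the start or end of the field value where the modifier says so).
The selection and the events below are constructed for this example.
"""
from typing import Any, Dict, List, Optional


def _norm(value: Any) -> str:
    # Sigma's default string comparison is case-insensitive.
    return str(value).casefold()


def match_value(event_value: Any, pattern: str, modifier: Optional[str]) -> bool:
    """Compare one field value against one rule value under the given modifier."""
    ev, pat = _norm(event_value), _norm(pattern)
    if modifier is None:            # no modifier: exact (case-insensitive) match
        return ev == pat
    if modifier == "contains":
        return pat in ev
    if modifier == "startswith":
        return ev.startswith(pat)
    if modifier == "endswith":
        return ev.endswith(pat)
    raise ValueError(f"unsupported modifier: {modifier}")


def parse_selector(key: str):
    """Split 'Image|endswith' into ('Image', 'endswith'); plain keys carry no modifier."""
    field, _, modifier = key.partition("|")
    return field, (modifier or None)


def selection_matches(selection: Dict[str, Any], event: Dict[str, Any]) -> bool:
    """Every key of a selection map must match (AND); a list of values is OR."""
    for key, patterns in selection.items():
        field, modifier = parse_selector(key)
        if field not in event:
            return False
        values = patterns if isinstance(patterns, list) else [patterns]
        if not any(match_value(event[field], p, modifier) for p in values):
            return False
    return True


def matching_events(selection: Dict[str, Any], events: List[Dict[str, Any]]) -> List[int]:
    """Return the indexes of the events the selection matches."""
    return [i for i, e in enumerate(events) if selection_matches(selection, e)]


# Constructed Sigma-style detection selection (process creation, hypothetical).
SELECTION = {
    "Image|endswith": "\\powershell.exe",
    "CommandLine|contains": ["-enc", "FromBase64String"],
    "ParentImage|startswith": "C:\\Users\\",
}

# Constructed sample events; only the first should match.
EVENTS = [
    {"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShell.EXE",
     "CommandLine": "powershell.exe -NoP -Enc SQBFAFgA",
     "ParentImage": "C:\\Users\\alice\\AppData\\Local\\Temp\\setup.exe"},
    {"Image": "C:\\Windows\\System32\\cmd.exe",          # wrong image
     "CommandLine": "cmd.exe /c whoami",
     "ParentImage": "C:\\Users\\alice\\Desktop\\run.bat"},
    {"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -File backup.ps1",  # no encoded command
     "ParentImage": "C:\\Windows\\System32\\svchost.exe"},
]

if __name__ == "__main__":
    print(matching_events(SELECTION, EVENTS))  # [0]
```

Note that the first event matches even though its Image is spelled PowerShell.EXE and its switch is -Enc: the case-insensitive comparison is part of the modifier semantics, and a backend translation that loses it (for example by emitting a case-sensitive substring test) will miss events a Sigma rule is meant to catch.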
Pricing Page
We've updated the pricing page, adding information on the availability of features recently introduced on the SOC Prime platform:
Single Sign-On
Automated use case documenting via Confluence
We've also noted that Data Planes, Custom Field Mapping, Filters, and Presets are now available without limits under an OnDemand or Enterprise plan for any SOC Prime Platform product.
Key Bug Fixes & Improvements
With this release, we’ve made the following key bug fixes and improvements to enhance the user experience with the SOC Prime Platform:
Fixed a bug in the Cyber Threat Search Engine where the code of some rules that were supposed to be readily available could not be viewed directly on the page
Fixed a bug where alternative translation options were duplicated in the Config dropdown on the Code tab of some rules
Resolved issues with Content Lists:
Wrong count of rules in some Content Lists
Rules added to a Content List were sometimes not copied when the List was copied
Improved the quality of translation from Sigma rules into Falcon LogScale and Carbon Black EDR queries
Fixed the More Details link in the MITRE ATT&CK Coverage section of rule intelligence in Uncoder AI
Fixed a bug where integration with Confluence for automated use case documenting via Uncoder AI did not work properly in some cases
Fixed the layout of the successful deployment modal
Fixed a bug in Automation where deployment of certain valid rules failed with a Not valid JSON error
Resolved issues with translations into QRadar:
Where a Sigma rule has both product and service, now only devicetype=<number> is used in the translation, without LOGSOURCENAME(logsourceid)
Added devicetype=<number> to all translations that were missing it
Updated field mapping for Chronicle Security to ensure all field names in Sigma rules have correct counterparts in this SIEM
Improved error handling in Threat Bounty Bot. Now, the user gets a proper error message when a Sigma rule has not been created
