
SOC Prime Platform Product Release Notes 5.10.3

Written by Sergey Bayrachny

March 20, 2024

© 2024 SOC Prime Inc.

All rights reserved. This product and documentation related are protected by copyright and distributed under licenses restricting their use, copying, distribution, and decompilation. No part of this product or documentation related may be reproduced in any form or by any means without the prior written authorization of SOC Prime. While every precaution has been taken in the preparation of this book, SOC Prime assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.

SOC Prime Platform


Support for New Platforms

As part of our constant efforts to expand the range of SIEMs/EDRs/XDRs/Data Lakes covered with content published on Threat Detection Marketplace, we've added support for content for two new platforms:

  • FortiSIEM rules

  • LogRhythm Axon rules and queries

Find this content using the Platform filter in Threat Detection Marketplace.

Additionally, now you can translate rules and queries into these formats on your own via Uncoder AI.

Subscriptions in Account Menu

Now, after opening the account menu, you can see your organization's subscription plan for each of the three core products of the SOC Prime Platform.

The item for the product you are currently working in also shows the subscription expiration date and an Upgrade link.

Threat Detection Marketplace


Content Quality Improvements

  • Microsoft Sentinel Query and Rule. For content with product:linux, the default translations into these formats now have all field names replaced with syslog_message and all operators (except for regexes) replaced with contains. We've also added an alternative linux translation for such content in which the original field names are preserved.

  • Elastic Stack EQL Queries. We've added a whitespace after the commas that separate OR values

  • CrowdStrike Endpoint Security. We've renamed the raptor alternative translation config to CrowdStrike-Query-Language-(CQL)

Search Bar on Overview

To make the Overview page of Threat Detection Marketplace even more convenient, we've extended its functionality with the Search bar.

It works the same as on the Search page, with standard and Lucene search, suggestions, etc. Once you click the magnifying glass icon or hit Enter/Return, you're redirected to the Search page with the results for the entered query.

UX Improvement in Presets

To ensure a good user experience when creating and editing Presets, we've moved the sharing switch to the main Presets modal (before it was on the initial Create Preset modal).

UI Improvements

  • Updated the Discord link on the home page

  • Added labels for the mapping configuration fields in Splunk Custom Field Mapping profile settings in addition to placeholders. Now, the user can easily see what each field means even if it's already filled in

  • Updated one of the logos in the They Trust Us block on the Pricing page

  • Improved the hover state of various icons and made multiple minor improvements in the look and feel of various elements

Uncoder AI


Rule Association Reset

Now, to reset the association with a rule opened through search or saved in a custom repo, you can simply click the X icon next to the rule name.

Also, we've added the repository name under the rule name to make sure you always know what repository the current rule belongs to.

Use Case Documentation for Custom Content

Now you can use the Use Case Documentation feature with content stored in a custom repository.

Key Bug Fixes & Improvements


With this release, we’ve made the following key bug fixes and improvements to enhance the user experience with the SOC Prime Platform:

  • Improved the experience of choosing the API key expiration date:

    • Now, the minimal expiration date of all available products is shown by default

    • If an invalid date is entered manually, a validation error message is displayed right away

  • Updated Threat Bounty Developer Portal Privacy Policy and Privacy FAQ

  • Fixed issues with remapping into OCSF in Uncoder AI:

    • Splunk Query (SPL): now the _sourceCategory field name is kept as is

    • Splunk Alert: eventName is now translated into api.operation

    • Falcon LogScale Query:

      • winlog.event_data.FileName is now translated into file.name

      • winlog.event_data.Image is now translated into process.file.path

  • Improved translations from Elastic Stack Query (Lucene) to Elastic Detection Rule (Lucene) in Uncoder AI so that proper JSON escaping is applied to the query embedded in the rule

  • Fixed a bug where the web browser autocomplete could be applied in the platform selection dropdown in Uncoder AI

  • Added a check that prevents a Job that has already been started from being restarted within 5 minutes

  • Fixed an issue where email notifications about new and updated content were not sent for some time

  • Resolved an issue where the check whether an email had already been used for registration in the Threat Developer Program was case-insensitive
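The Lucene-to-Elastic-Detection-Rule escaping fix listed above is an instance of a general pitfall: a Lucene query spliced into a JSON rule body as raw text breaks on the double quotes and backslashes that such queries routinely contain, producing either an invalid rule or a query that no longer says what the author wrote. The following Python is an added example and is not SOC Prime's or Elastic's code; the rule keys are a minimal constructed subset and the query is constructed for illustration.

```python
import json

# Constructed Lucene query: the quoted phrase and the Windows path contain exactly
# the characters (double quotes, backslashes) that naive JSON embedding mishandles.
LUCENE_QUERY = (
    r'process.command_line:"C:\Windows\System32\cmd.exe /c whoami"'
    r' AND event.action:"process_started"'
)


def naive_rule(query: str) -> str:
    """Broken approach: splice the query into a JSON template without escaping."""
    return '{"type": "query", "language": "lucene", "query": "' + query + '"}'


def escaped_rule(query: str) -> str:
    """Fixed approach: let the JSON encoder escape quotes and backslashes."""
    return json.dumps({"type": "query", "language": "lucene", "query": query})


def query_from_rule(rule_json: str):
    """Parse a rule body and return the embedded query, or None if the JSON is invalid."""
    try:
        return json.loads(rule_json)["query"]
    except (json.JSONDecodeError, KeyError):
        return None


if __name__ == "__main__":
    # The naive body is not valid JSON: the first embedded quote terminates the string.
    print("naive  :", query_from_rule(naive_rule(LUCENE_QUERY)))
    # The encoded body round-trips to the original query byte for byte.
    print("escaped:", query_from_rule(escaped_rule(LUCENE_QUERY)))
```

The same check is worth running on any rule a translator emits: parse the output with a strict JSON parser and compare the recovered query against the input. A rule that fails to parse is the loud failure; the quiet one is a backslash that survives unescaped and silently changes the match.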
