April 17, 2024
© 2024 SOC Prime Inc.
All rights reserved. This product and documentation related are protected by copyright and distributed under licenses restricting their use, copying, distribution, and decompilation. No part of this product or documentation related may be reproduced in any form or by any means without the prior written authorization of SOC Prime. While every precaution has been taken in the preparation of this book, SOC Prime assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.
OnDemand Plans Sunsetted
We're sunsetting OnDemand subscription plans for all SOC Prime Platform products. These plans will not be available for new clients.
Accordingly, we've updated our pricing page to reflect the changes.
OpenCTI SOC Prime Connector Updated
We've updated the OpenCTI SOC Prime Connector, adding the following capabilities:
Select which translations are loaded into OpenCTI (previously, only Sigma rules could be loaded)
Load rules from multiple Content Lists
Load rules from a Job, applying all settings such as Custom Field Mapping, alternative translations config, or Presets
Threat Detection Marketplace
Custom Field Mapping and Filters for Graylog
We've added support for using Custom Field Mapping and Filters for Graylog Queries.
You can open the Custom Field Mapping or Filter configuration menu right from a rule's page and configure all required settings.
You can also apply Custom Field Mapping or Filter for Graylog in Uncoder AI.
Navigation Improvements in Analytics
We've improved navigation on the Analytics pages:
On MITRE ATT&CK Coverage: added the All Tactics block. Click it to return to the overview after you have drilled down to a specific tactic
On Log Source Coverage: added the All Products block. Click it to return to the overview after you have drilled down to a specific product
Also, we've improved the design of some elements on these pages, like buttons and the search bar, to make them consistent with other pages.
Uncoder AI
Translation Engine Improvements
We've added support for the tstats function when translating from Splunk to Microsoft Sentinel.
Key Bug Fixes & Improvements
With this release, we’ve made the following key bug fixes and improvements to enhance the user experience with the SOC Prime Platform:
Resolved an issue with Single Sign-On where, under certain conditions, a user with the manager role was unable to enforce SSO for their organization
Fixed a bug with using the Hunt functionality with Microsoft Defender for Endpoint queries in Quick Hunt. Additionally, the same functionality is now implemented for the Search button on a content item's page
Fixed issues with translations from Sigma to Microsoft Sentinel that were related to applying a wrong config for table and field mapping
Added proper error handling for cases where a Preset is applied to a custom Elastic Detection Rule with invalid JSON
Added adaptive layout for the coverage chart and content action state chart on the MITRE ATT&CK Coverage page
Improved the Lists page layout, removing empty space that appeared at certain resolutions
Fixed a bug in Uncoder AI where the options of the Platform dropdown were overlapped by a field when editing a rule's intelligence
Improved the design of buttons on the Login/Signup pages
Added proper error handling for cases where a Lucene search for a Dynamic Content List is too resource-intensive
Fixed a bug where under certain conditions the count of rules in a Dynamic Content List was not displayed
Improved the deployment of Elasticsearch content to prevent possible errors
Resolved an issue with Jobs where sometimes content from Custom Repositories failed to deploy
