
SOC Prime Platform Product Release Notes 5.12.2

Written by Sergey Bayrachny

June 26, 2024

© 2024 SOC Prime Inc.

All rights reserved. This product and documentation related are protected by copyright and distributed under licenses restricting their use, copying, distribution, and decompilation. No part of this product or documentation related may be reproduced in any form or by any means without the prior written authorization of SOC Prime. While every precaution has been taken in the preparation of this book, SOC Prime assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.

RBAC Extended


We've added to the Role-Based Control System (RBAC) more permission controls described below.

Search Profile

Control the level of Search Profile permission of a role:

  • View Only. The role can view a Search Profile, but cannot create, edit, copy, or delete it

  • Create/Edit. The role can create a Search Profile, and can edit, copy, or delete its own Search Profiles or any Search Profile shared across its team

  • Administration. The role can view, edit, or delete Search Profiles of other users on their team including those profiles that are not shared

Applying a Search Profile is available under any role.

Hunt

Control whether the role can hunt (drill down to a platform and launch queries on it):

  • Enabled. The role can use the hunting functionality in Threat Detection Marketplace (the Hunt button on the Hunt page and the Search button on the Code tab of a rule's page) and in Attack Detective

  • Disabled. The role cannot use the hunting functionality

Deploy Content

Control whether the role can deploy content:

  • Enabled. The role can deploy content from the rule's page in Threat Detection Marketplace, via Uncoder AI, and in Automation as well as run Jobs in Automation

  • Disabled. The role cannot deploy content

Threat Detection Marketplace

Customizations for Hunters

You can now configure Filters and Custom Field Mapping profiles for the Hunters platform, so that translations into this format can be tailored to a specific environment.

Search Results Limitation

Users under the Community subscription can view only the top 10 search results in Threat Detection Marketplace and Uncoder AI.

To view all relevant results, we suggest applying filters, changing sorting, and using more specific search terms.

Uncoder AI

More Intelligence Fields When Saving

Now, when saving a rule to your custom repository, you can fill in more Intelligence fields:

  • Audit Configuration

    • Event Volume

    • Definition

    • Enable Commands

    • GPO Audit Policy

  • False Positives

  • Triage Recommendations

  • Severity

  • Status

Attack Detective

Access via API

We've rolled out two Attack Detective API endpoints:

  • GET /v1/attack-detective/scans to get a list of all finished scans run by your organization in Attack Detective

  • GET /v1/attack-detective/scan-result to get scan results for a specified scan or a Data Plane in a scan

Note that to call these endpoints, Attack Detective must be allowed for your API key when the key is created. To have the Attack Detective option enabled in your API key settings, please contact your Customer Success manager.

Progress Bar

We've added a scan progress bar with a status indication, so the current state of a scan is always easy to identify.

Query Count

We've simplified the indication of the available query count under the Enterprise subscription. Now, next to each table/index name only one figure is shown. It represents the total number of queries on the SOC Prime Platform that match the indicated log sources.

Key Bug Fixes & Improvements

  • Fixed a bug where under certain conditions rules were not added to a Content List

  • Fixed a bug where under certain conditions it was impossible to create a GitHub integration profile

  • Updated the raw_log_fields render used in Palo Alto Cortex XSIAM translations by adding a field type definition

  • Fixed a bug in Safari where a Copy to clipboard modal appeared when the user clicked the Copy icon in Uncoder AI

  • Fixed layout issues:

    • In the Data Plane dropdown when deploying code from the rule's page where sometimes Data Plane names were not displayed in full

    • In the Save to dropdown in Uncoder AI when saving a rule to a custom repository

  • Updated the Attack Detective tab on the pricing page by adding a detailed comparison of different Enterprise plans

  • Resolved layout and scroll issues in Uncoder AI that sometimes appeared when a long rule from a custom repository was opened

  • Fixed an error where a deployment job linked to an Inventory Content List sometimes failed

  • Fixed a bug where in some cases it was impossible to update a Chronicle Security rule from Inventory

  • Fixed a bug where Microsoft Sentinel rules failed to push to GitHub because the query period wasn't in the ISO 8601 format

  • Resolved an issue where a Splunk filter was applied to a query without a trailing space after the AND condition
