SOC Prime Platform Product Release Notes 5.12.3

Written by Sergey Bayrachny

July 10, 2024

© 2024 SOC Prime Inc.

All rights reserved. This product and related documentation are protected by copyright and distributed under licenses restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without the prior written authorization of SOC Prime. While every precaution has been taken in the preparation of this book, SOC Prime assumes no responsibility for errors or omissions. This publication and the features described herein are subject to change without notice.

RBAC Extended


We've added more permission controls to the Role-Based Control System (RBAC), as described below.

SSO Settings

Control if the role can configure and enforce Single Sign-On for your organization:

  • Enabled. The role has access to the Single Sign-On settings

  • Disabled. The role doesn't have access to the Single Sign-On settings

Integrations

Control the level of the Integrations permission of a role:

  • View Only. The role can view an Integration, but cannot create, edit, or delete it

  • Create/Edit. The role can create an Integration as well as edit or delete their own Integrations or Integrations shared across their team

  • Administration. The role can view, edit, or delete Integrations of other users on their team including those Integrations that are not shared

Data Planes

Control the level of the Data Planes permission of a role:

  • View Only. The role can view a Data Plane, but cannot create, edit, or delete it

  • Create/Edit. The role can create a Data Plane as well as edit or delete their own Data Planes or Data Planes shared across their team

  • Administration. The role can view, edit, or delete Data Planes of other users on their team including those Data Planes that are not shared

Tenants

Control the level of the Tenants permission of a role:

  • View Only. The role can view a Tenant, but cannot create, edit, or delete it

  • Create/Edit. The role can create a Tenant as well as edit or delete their own Tenants or Tenants created by other members of their team

Forced Password Change


From now on, users who log in with a password will be prompted to change their password once every three months to ensure a high level of security.

Threat Detection Marketplace


New Look of Intelligence

We've redesigned the Intelligence tab of a rule's page to make its look and feel consistent with other products on the SOC Prime Platform. Also, we've added three new fields:

  • False Positives

  • Triage Recommendations

  • Audit Configuration

Data Plane Selection

We've added the ability to specify the Data Plane when manually marking a content item as deployed. You can do this:

  • On the Code tab of a rule's page for a single translation

  • On the rule's page for multiple translations of a single rule

  • In bulk actions on the Search page for multiple translations of multiple rules

Note: You can specify the Data Plane only for platforms for which a Data Plane profile can be configured on the SOC Prime Platform.

Later on, we'll release functionality to filter the deployment analytics by Tenant and Data Plane.

Import Content Improvements

We've made the following improvements to the Import Content flow:

  • Added the Skipped category. It includes content that wasn't imported (usually because it already exists in the target repository)

  • Now the user can click the number next to the Failed and Skipped labels and see the list of content that fell into the respective category

Key Bug Fixes & Improvements


  • Improved handling of errors when applying a Preset to a rule if a Custom Field Mapping profile has already been applied

  • Fixed a bug where non-shared Integrations and Data Planes of the current user were displayed on both the My and Company tabs of the respective page

  • Made minor visual improvements in the UI on the Custom Field Mapping page

  • Fixed checkbox position on the Jobs page for mobile resolutions

  • Made tooltips across Threat Detection Marketplace consistent in style

  • Updated Roota rules generated based on the Microsoft Sentinel repo content

  • Fixed a bug in Uncoder AI where dropdowns sometimes did not close after an option was selected

  • Fixed a bug in rule intelligence in Uncoder AI where the values of the Related Event IDs field in the Audit Configuration section were not displayed

  • Ensured that Threat Bounty Developers cannot save a Sigma/Roota rule if this rule has the On Review or Published status
