SOC Prime Platform Product Release Notes 5.13.4

Written by Eugene

October 7, 2024

© 2024 SOC Prime Inc.

All rights reserved. This product and related documentation are protected by copyright and distributed under licenses restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without the prior written authorization of SOC Prime. While every precaution has been taken in the preparation of this book, SOC Prime assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.

Palo Alto Cortex XDR Integration


With this latest release, we’ve enriched the list of integrations with Palo Alto Cortex XDR. The platform support is currently added for the following SOC Prime products*:

  • Threat Detection Marketplace (TDM)

  • Uncoder AI

*Please note that automated code translation is currently available only in Uncoder AI when using Palo Alto Cortex XDR as a target platform.

We have also improved translation quality from IBM QRadar to Palo Alto Cortex XDR by resolving the log source parsing issue.

TDM


Jobs

UX Improvements

For a better user experience with Jobs, we’ve made the following enhancements:

  • The Job ID is now displayed along with the Job name in the Job Name column

  • On the Create/Edit Job pop-up, if the user selects Elastic as their Platform and chooses an on-premises Data Plane, they will be limited to saving content only in the Watcher or Detection Rule (Lucene) language formats (the only ones supported for deploying content into an on-prem Elastic Stack Data Plane)

  • Made UX and logic improvements to the Tenants functionality*:

    • If no Tenant is selected, the Data Planes drop-down contains all Data Planes available to the current user.

    • If a certain Tenant is selected, the Data Planes drop-down contains all Data Planes from that Tenant available to the current user.

*Please note that if the Tenants module is disabled in the Admin Panel, the Tenants option will also be disabled in the UI, and the user will be able to select only the Data Plane.

Deployment Permission Updates

We've improved the Jobs functionality by specifying how deployment permissions apply. With this update, to initiate a Job, the deployment permissions that count are those of the user running the Job rather than the user who created it. If the user has no deployment permissions:

  • The corresponding Jobs cannot be launched

  • The failed deployment is added to logs on the History page, and the user will see the corresponding error message.

Overview Page: Learn About Emerging Threats

Striving to enable the global cyber defender community to constantly keep up with the latest industry trends and the dynamic cyber threat landscape, we’ve added the ability to instantly drill down to our Discord channel focused on emerging threats. With this update, the TDM Overview page now includes two buttons:

  • A CTA that leads to the corresponding Discord channel, enabling security enthusiasts to learn about emerging threats and find content to detect them

  • The Join Discord button for newcomers to our Discord community

Presets & Tenants Redesign

With this release, we’ve created a new layout for the Preset Profile page to streamline the user experience. Please note that on the Create New Preset Profile page, customers will now be able to see different fields when creating a new preset, depending on the selected platform.

To enhance performance and user experience, we’ve created a new layout for the Tenants page.

Uncoder AI


With this latest release, we’ve improved the Supercharge functionality in Uncoder AI, which now enables passing any query, even if it’s not valid, and generating Roota. The only limitation with such Roota code is that translation will no longer be available for it.

Company Website


We’ve made the following changes to the company website:

  • Added a new registration page for the upcoming webinar “Service Provider Special: Proven Strategies for MDR Excellence with Insights from Aruga Cyber & SOC Prime” along with the event details on the Events page

  • Added the “Context-Based Detection Engineering webinar” for two time zones to the Events archive and uploaded a webinar recording to our YouTube channel

Key Bug Fixes & Improvements


  • Made UX improvements by updating the tooltip text on the Code tab on the content item page when a certain content type is not supported (e.g., Rule or Query). If certain content translation is not available, when clicking on the Code tab, there’s a link with the ability to open the code in Uncoder AI and see it in the Sigma rule format convertible to other languages.

  • Enhanced Sigma rules quality by fixing the issues with field duplication (reference instead of references) in a limited number of detections.

  • Resolved the issue within Platform Settings to prevent text splitting and misconfigurations in the Name section.

  • Improved the Platform Onboarding experience to ensure proper display of pop-ups.

  • Resolved the issue with scrolling the Quick Hunt page when the pop-up with a certain MITRE ATT&CK technique or sub-technique is open.

  • Fixed the backslash parsing issues to improve translations for Elastic EQL rules.

  • Improved CrowdStrike CQL translation quality by implementing relevant updates as per query language syntax.

  • Enhanced Roota rules translation quality by resolving the issues with parsing the Name and Description rule sections. Now, when saving the code, the rule name and description are pulled from Roota.

  • Improved UI on the Create New Tenant page by adding an extra space between the Data Planes description and the Data Planes field.
