April’s Splendid SOC Prime TDM Update

With this release, we’ve done a great job and today we are delighted to introduce our sparkling new features and improvements to SOC Prime Threat Detection Marketplace (TDM).

Check out what’s new.

New Platforms

The most wanted innovation is the support of a couple of popular Platforms.

CrowdStrike

You can now hunt for the threats using TDM rules in the CrowdStrike environment. The integration button “Search in CrowdStrike” is also available — no need to copy and paste queries.

Humio

Content for this platform is now available at SOC Prime TDM! Humio is a popular platform that helps security specialists in their defensive work against cyberattacks, and now we can suggest 1700+ community and exclusive rules to detect APT activity, malware, and exploits. 

“The rules in the TDM are now convertible to the Humio query language. This brings a lot of value for Humio users since now the TDM rules can be used in Humio to search and detect threats.” – Aleks Bredikhin, CTO

Enhancements

The latest TDM release provides a number of new features for Azure Sentinel integrations. You can now save and deploy hunting queries and rules to different Azure Sentinel instances from the TDM web console. Read more about TDM solutions for Azure Sentinel at SOC Prime integration with Microsoft Azure Sentinel.

You can now get rules for the Corelight logs. This allows you to increase your threat detection capabilities with the new Corelight backend. Now available for Elastic Stack and Splunk.

Good news for Carbon Black users — 1500+ rules are now converted to Carbon Black search queries.

Sigma Custom Field Mapping

We’ve added all the backends to the Sigma field mapping menu. You can now set automatic replacement for the rule query to your custom fields for your SIEM platform.

In just two clicks, you can seamlessly switch between saved Data Schemes or add a new one right on the Rule Page, and then deploy the rule to your security solution. If the rule for your platform is still in development, please contact us using the “Suggest Update” button, and we’ll add it shortly.

Performance

Apart from adding new features, we are constantly looking for ways to enhance the platform performance. Earlier this month, we increased the TDM’s overall speed by more than 2.4 times, and we did not stop there. Now on the Rule Page, switching between different translations occurs instantly! It really does now.

Usability Features

Help Center

With this release, we’ve added the Help Center section where you can take a quick tour through the main features to unleash the full power of the TDM platform. Make sure you have seen our TDM guide to explore all available functionality. Here you can also contact our Support Team in case you have any issues or concerns. What’s more, you can schedule a call with our Expert to find answers to your questions or request a live demo of extended TDM capabilities provided with Premium subscriptions.

Design

With this latest update, we have redesigned the Rule Page for a more intuitive experience. Now everything you need is always at hand. For your convenience, all the information about the rule is now available in one place, and the context and tags of the rule are on a separate tab.

Session Duration

You will no longer worry that your TDM session expires while having a coffee break. We’ve extended the session duration to 4 hours so that you can switch to other tabs during deployment, and then go back to the platform. No more annoying experience.

“Having collected and analyzed TDM users’ feedback, the SOC Prime team made our best to cover the greater part of users’ suggestions and proposals in the latest TDM release. I hope, now all TDM users can explore new functionality during extended sessions with added best practice tips and recommendations” – Artur Golovko, CPO