SOC Prime Threat Detection Marketplace is a content platform that enables security professionals to spot and respond to cyber threats using SIEM, EDR, and SOAR tools. Threat Detection Marketplace (TDM) is an online library of over 57,000 SIEM & EDR rules, queries, and more, designed to work directly in the SIEM platform you already own. TDM contains SOC-ready dashboards, rule packages, and Sigma rules updated daily and streamed via API. 93% of the content is mapped to the MITRE ATT&CK framework and is aimed at uncovering the latest malware, APT actor activity, and exploitation attempts, and at enabling real-time forensics and TTP-based threat actor attribution use cases across on-premise and cloud data.
Last week we enriched TDM with support for rules for the Humio SIEM platform. Now all Humio users can use the content available on our platform to search for and uncover threats.
Explore the newly added integration. Log in to TDM and go to the rule Search page. To see the list of rules available for the Humio platform, navigate to Filters, specify the platform, and click the Apply button.
When the Humio platform filter is applied, you should see the list of Sigma rules that are already converted to the Humio search query language. We already have more than 1720 rules for the newly added SIEM, and in the near future there will be even more.
Click the ‘View’ button to get the rule details. In the window that opens you will see the search query. Copy the query by clicking anywhere in the query area; the query is copied to the clipboard automatically.
After that you can paste the query into the Humio web console and hunt for threats.
Uncoder.IO is an open-source security tool that can translate Sigma rules into SIEM saved searches and queries. If you’re interested in how this tool helps SOC Analysts and Threat Hunters worldwide, read the following article on our blog.
Uncoder.IO now supports the Humio query language, so you can expand threat detection in your network using all of the Sigma rules available from the community.
- Specify the input query language. The first step in converting a Sigma rule into a Humio query is selecting Sigma as the “Input Language”.
- Fill in the box with the Sigma rule. You can paste a custom query into the left text box, or select a Sigma query from the drop-down.
- Specify the target query language. Select “Humio” as the Output language in the right panel.
- Click the Translate button. Now you can copy the translated query and paste it into the search panel in your Humio installation.
“We try to help as many organizations as possible get access to quality detection content in order to maximize the effectiveness of their security solutions. Integration with Humio will allow SIEM engineers across the globe to use off-the-shelf rules, saving time on content development. In a future release, we will further deepen integration and add the ability to make searches in Humio with one click from the Threat Detection Marketplace console” – Aleks Bredikhin, CTO