Push Detections from the SOC Prime Platform to Your GitHub Repo

Continuously Stream Selected Detection Content from the SOC Prime Platform to Your GitHub Repository

SOC Prime launches integration with GitHub, enabling security engineers to automatically push prioritized detection content directly to a private GitHub repository. By enabling this capability, teams can stream detection algorithms that match predefined criteria and their current security needs to the GitHub repository of their choice. 

Automation is imperative in the modern-day cybersecurity approach for its ability to alleviate the burden of repetitive tasks and minimize the risks of human errors. SOC Prime’s complete product suite for AI-powered Detection Engineering, Automated Threat Hunting & Detection Stack Validation enables organizations to save hours on manual repetitive tasks, accelerate a CI/CD workflow, and empower their cyber defense strategy with a curated feed of behavior rules for emerging and persistent threats. 


According to a 2023 survey, 75% of security leaders consider cybersecurity automation to be crucial, marking an increase from 68% in 2022. To effectively address relevant threats, security experts need a comprehensive perspective to prioritize and combat attacks across extensive volumes of data, which can be achieved by redefining a cybersecurity strategy with a shift to automated capabilities. This integration facilitates content prioritization and management while saving hours of manual detection engineering and analyst routine, so teams can stay focused on threat research and incident investigation rather than on resource-intensive administrative tasks.

We continuously enhance our technology to equip security teams with advanced solutions that streamline detection engineering & threat hunting operations. Take advantage of The Prime Hunt, an open-source browser add-on that gives threat hunters a single UI to simplify and speed up threat investigation regardless of the SIEM or EDR in use. Start working on detection rules & queries right from your browser, and if the detection code needs refinement or translation into another security language, move the work to Uncoder AI in a matter of clicks. Updated rules & queries can be instantly deployed to a chosen SIEM, stored in your own custom repository in the SOC Prime Platform, or saved on GitHub to make sure all your detection content stays in sync.

Instantly Push Detection Content to Your Private GitHub Repo

To take advantage of the newly released functionality and continuously push selected detection content from the Threat Detection Marketplace library to your private GitHub repository, make sure you have configured the following settings on the SOC Prime Platform:

  1. Set up an integration with your GitHub account.

Note: When configuring the integration with GitHub, note that it is available only for private repositories. Make sure you specify the correct name of your repository and provide your personal access token. You can learn how to create it here.

  2. Create a Dynamic Content List based on your content selection criteria. For example, all content to detect activity related to CVEs for Windows.
  3. Configure and run a Job that pushes the content added to the selected List into the GitHub repository you’ve configured. New rules that match the List criteria will be pushed automatically.

Note: When you’re all set, the detection content pushed from the SOC Prime Platform is available on GitHub in different formats depending on the SIEM, EDR, or Data Lake language format you’ve selected. For instance, Microsoft Sentinel Queries will be available in the .txt format, while Microsoft Sentinel Rules will be displayed in the .json format.

Apart from streaming multiple detection content items from the corresponding Dynamic List, security engineers can also push selected detection algorithms one by one directly to the configured GitHub repository. Deployed rules will appear on your GitHub repo as text documents with the corresponding detection code. 
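Once the Job has run, it is worth confirming that the target repository is in fact private and that what landed in it loads as the formats described above. The following is an added example (not SOC Prime code, and not the GitHub integration itself) that checks the `private` field of GitHub's `GET /repos/{owner}/{repo}` response and inventories a local clone of the synced repository, treating `.txt` as Sentinel Queries and `.json` as Sentinel Rules; the sample clone and rule bodies are constructed for illustration, and the function names are my own.

```python
import json
import os
import tempfile

# Formats the post says the Job produces for Microsoft Sentinel content.
EXPECTED_FORMATS = {".txt": "Sentinel Query", ".json": "Sentinel Rule"}


def repo_is_private(repo_meta: dict) -> bool:
    """`repo_meta` is the JSON body of GitHub's GET /repos/{owner}/{repo}.
    The integration only supports private repos, so refuse anything else."""
    return repo_meta.get("private") is True


def inventory_synced_rules(clone_path: str) -> dict:
    """Walk a local clone: count loadable rules per format, list files that
    fail to parse, and list files outside the expected formats."""
    counts, broken, unexpected = {}, [], []
    for root, _dirs, files in os.walk(clone_path):
        if ".git" in root.split(os.sep):
            continue  # skip git metadata, it is not detection content
        for name in sorted(files):
            ext = os.path.splitext(name)[1].lower()
            if ext not in EXPECTED_FORMATS:
                unexpected.append(name)
                continue
            try:
                with open(os.path.join(root, name), encoding="utf-8") as fh:
                    body = fh.read()
                if ext == ".json":
                    json.loads(body)  # a Sentinel Rule export must be valid JSON
                elif not body.strip():
                    raise ValueError("empty query file")
            except (ValueError, UnicodeDecodeError):
                broken.append(name)
                continue
            counts[EXPECTED_FORMATS[ext]] = counts.get(EXPECTED_FORMATS[ext], 0) + 1
    return {"counts": counts, "broken": broken, "unexpected": unexpected}


def build_sample_clone() -> str:
    """Constructed stand-in for a synced repo (illustrative bodies, not real exports)."""
    d = tempfile.mkdtemp(prefix="socprime-sync-")
    samples = {
        "cve_windows_query.txt": "SecurityEvent | where EventID == 4688\n",
        "cve_windows_rule.json": json.dumps({"displayName": "sample", "query": "SecurityEvent"}),
        "truncated_rule.json": '{"displayName": "cut off',  # simulates a partial push
        "notes.md": "hand-written notes, not detection content\n",
    }
    for name, body in samples.items():
        with open(os.path.join(d, name), "w", encoding="utf-8") as fh:
            fh.write(body)
    return d
```

Run `inventory_synced_rules("/path/to/clone")` against a real clone after each Job; a non-empty `broken` or `unexpected` list is a sign the push is incomplete or something else is being committed to the repo.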

Click the Explore Guidelines button to view the step-by-step guide explaining in detail how to configure the integration with GitHub and set up everything to push all content from the List or single content items directly to your private repository.
