Threat Detection Marketplace 3.5.2 is Released

Delaware, USA – March 27, 2019 – At more than a month in the making, this was our longest sprint to date, spent making sure the release is well worth your time. Today, we're glad to bring you cutting-edge capabilities for threat hunting and detection as code.

We all love Sigma rules and SIEM rule packages for log-based threat detection and hunting. Continuing our mission to establish holistic security visibility, we're glad to announce support for file-based detection, network-based detection and attack simulation tests. To get started with Yara we have added the signature-based public repository of Nextron Systems LOKI & SPARK. As we expand our close partnership with Nextron, its premium, high-quality ruleset, Valhalla, will be available as premium content at the marketplace. The Nextron team curates more than 8000 quality-tested YARA rules in 6 different categories: APT, Hack Tools, Malware, Web Shells, Threat Hunting and Exploits. Valhalla's database grows by 1500 YARA rules per year: https://www.nextron-systems.com/yara-rule-feed/
For Snort we have added the Emerging Threats OPEN repository. The Emerging Threats PRO subscription will be available as a value-add to Threat Detection Marketplace in the near future: https://rules.emergingthreats.net
The Atomic Red Team attack simulation test repository by Red Canary is integrated as well, making TDM a unique instrument for Red, Blue and Purple teams: https://github.com/redcanaryco/atomic-red-team

If you have followed us closely enough, you know that we've been using ATT&CK in practice since July 2016, before the methodology became the "block chain of cyber". The SOC Prime team was first in the world to publicly attribute the infamous NotPetya attack to the Sandworm group on July 2nd 2017, the same day as Cisco Talos and ESET. Since then, we have made it our dream to deliver to the world the capabilities to perform a holistic cyber defense audit and on-the-fly attacker attribution. Today we're one step closer to achieving this goal. As Threat Detection Marketplace is now the de facto world's largest vendor-agnostic security content repository, we used that knowledge to "train" our ATT&CK tagging engine. This provides real-time online functionality to:

  • Use TDM knowledge for strategic planning of Threat Detection
  • Find the content that will work with Log Sources you have
  • Perform Threat modeling to find gaps in defenses linked directly to Atomic Red Team tests
  • Demonstrate detection capabilities on Log, File and Network levels
  • Find optimal data sources and SOC content on threats relevant to your company

The most used SIEM platforms in TDM are Elastic, ArcSight, Splunk, QRadar and Qualys, and we can help to maximize their capabilities with TAM and Professional services for deployment and support.
And now content applicability goes beyond SIEM to:

  • Any EDR & SIEM that supports Sigma.
  • Any EDR & Endpoint Protection that supports Yara.
  • Any IDS/IPS that supports Snort.

With more keys per subscription tier, be sure to check out the licensing tab. Along with it, we've refactored many TDM parts to provide faster load and search performance. Signing up to the platform has become as easy as entering your corporate email and clicking the activation link. Seriously, no more forms in the signup process, so if you invite a colleague or a friend they will enjoy the experience.

As we move into the continuous and agile SOC content era, we'd like to reach out to every content developer out there, as we're about to launch the developer reward program! Follow the news or email content@socprime.com for the Developer program.

Enjoy the renewed Threat Detection Marketplace at https://tdm.socprime.com