Simplify Threat Investigation with a Single UI for All Threat Hunters, Right Within Your Browser
SOC Prime launches The Prime Hunt, an open-source browser extension for threat hunting that acts as the industry-first platform-agnostic UI for all threat hunters, no matter what SIEM or EDR they use. The tool enables security engineers to quickly convert, apply and customize Sigma rules across the widest stack of SIEM and EDR ā directly within their Chrome, Firefox, or Edge browser. A wide variety of security toolkits make it harder to collaborate for threat hunters who speak different query languages and work in diverse environments with their specific interfaces. With The Prime Hunt, teams can concentrate on the hunt itself by breaking through UI and language limitations.Ā
The Prime Hunt is an open-source Lesser General Public License (LGPL) browser add-on that extends the success of Sigma as the platform-agnostic language for threat hunting into a single UI solution. With this add-on, users can easily see which accounts and assets are affected by the suspicious activity detected by the query, single-click to filter query results by any field values that their SIEM or EDR provides, or look for all discovered events. Drill down to CTI or any other external sources that can contribute to your research, like VirusTotal, Anomali, EchoTrail, OpenCTI, or Ultimate IT Security to gain a holistic cyber threat context and proactive visibility into cyber defense gaps.
As the world stands on the brink of a global cyber war, defenders should fight together to combat emerging threats successfully. Inspired by the power of collective cyber defense, we created The Prime Hunt, a technology-agnostic UI for all Blue Teamers that enables scalable threat hunting processes across the rapidly growing environment. A free, open-source-based add-on, available right within your browser. Create pull requests to contribute via GitHub to develop the extension further and make The Prime Hunt capable of everything the defenders need. Let’s build the future of threat hunting and detection, together.
Andrii Bezverkhyi, Founder, CEO and Chairman at SOC Prime
Each SIEM or EDR interface is different, it applies a unique query language, and itās not always user-friendly. For hard-battled cybersecurity experts who have been in the industry for many years, speaking multiple query languages is not a big deal. However, it might be a stumbling block for newcomers to threat hunting. Still, we need to enable them to hone their skills and contribute to collective cyber defense. The Prime Hunt bridges the gap between multiple tools and query languages. Simpler and faster than going into every tool, this is the future of threat hunting and threat detection. Another advantage is that aspiring threat hunters can learn Sigma (recognized as the #1 open source cybersecurity language) on GitHub and work in the UI to generate some specific language gradually mastering KQL and SPL skills to bolster their expertise and join the ranks of cyber defenders.
Currently, The Prime Hunt supports Microsoft Sentinel, Microsoft Defender for Endpoint, Splunk, Elastic (Kibana), IBM QRadar, and ArcSight. This means you can now paste Sigma rule translations from Uncoder.IO or any toolkit you’re using while analyzing hits and matches with the same UI across these supported platforms. Weāre continuously expanding the list of integrations to add support for all Sigma backends and make your threat hunting experience faster and simpler than ever before, regardless of the tool you use.
The Prime Hunt currently supports the ability to track custom fields and customize the field grouping for an even more streamlined threat investigation. For more convenience, weāve also improved the user experience by adding an ability to show or hide fields without values and introduced hotkeys to shave seconds off your hunts.
The add-on is built into your browser, all the code runs in your browser, and all your data belongs to you ā actually, we do not have any of your data as The Prime Hunt does not send anything anywhere. You should verify this by inspecting the add-on source code at our GitHub repo.
As an open-source project, we believe that peer-driven contribution shapes the future of collective cyber defense. Anyone can contribute with a pull request at GitHub to express their voice and enrich the collective industry expertise.
Striving to gain more from the collective cyber defense? Tap into free Detection as Code at https://socprime.com/ and instantly reach fully tested ready-to-use Sigma rules, tagged with ATT&CK and enriched with relevant threat intelligence for the most common SIEM and EDR solutions.
