SOC Prime Threat Detection Marketplace Now Supports SentinelOne Queries

At SOC Prime, we are constantly broadening the support for various SIEM, EDR, and NTDR solutions. Starting from January 2021, SOC Prime’s Detection as a Code platform delivers curated content for the SentinelOne security solution that enables full XDR protection for endpoint, IoT, and the cloud. SentinelOne was named a Leader in the 2021 Gartner Magic Quadrant for EPP and earned the highest score for all use cases within the 2021 Gartner Critical Capabilities for EPP report.

As a market leader in Detection as Code, SOC Prime is extending support for the SIEM & XDR stack with cutting-edge technologies. We are happy to announce our partnership with SentinelOne and full support of their leading XDR Platform. We look forward to exploring new horizons for holistic threat detection across endpoint, cloud, network, IoT and beyond, as well as strengthening its capabilities with our global cybersecurity community.

Andrii Bezverkhyi

Founder, Chief Executive Officer, Chairman at SOC Prime

As of May 2021, SOC Prime’s Threat Detection Marketplace content library aggregates 1,900+ SentinelOne content items mapped to the MITRE ATT&CK® framework v9. Security performers leveraging the SentinelOne platform can now utilize highly topical and specific threat detection content in their infrastructure. Along with the Hunting Queries available in the SentinelOne platform, security practitioners can now deploy high-detection-value content from Threat Detection Marketplace that consolidates the effort and expertise of the global community of cybersecurity specialists.

To streamline content search, SentinelOne customers can filter the available content by the SentinelOne platform on the Content page. For more specific results based on a particular content type, security performers can also filter detections by SentinelOne Event Queries or Process State Queries.

Once filtered, SentinelOne customers can drill down to the content page and then copy the query source code to their SentinelOne instance on the fly.

To help Security Operations Teams break free of dependence on a single technology for their detection operations, SOC Prime supports on-the-fly translation from the generic Sigma language into other query formats using Uncoder.IO, including translation into the SentinelOne Event Query and Process State Query formats. The SOC Prime team is constantly improving the SentinelOne translations to boost overall content quality.

SentinelOne users can also leverage the Custom Field Mapping cross-tool functionality to build customized data schemas that match their SentinelOne deployment.