To power the continuous threat coverage and promote customers’ ability to stay up to date with the latest compatible SOC content, we are consistently improving the automation capabilities of our Detection as Code platform. The latest Threat Detection Marketplace version 4.7.0 ensures even more smooth content streaming directly to the security tool of your choice with enhancements to our Continuous Content Management (CCM) module. Moreover, we’ve mastered the Custom Field Mapping functionality to provide the most comfortable look and feel for our users.
CCM Improvements: Jobs & Filters
For a better experience using Jobs, we’ve broadened the job action menu with the Run Now button that allows running the job manually after its creation.
Note: The Run Job button is active and can be clicked if at least 5 minutes have passed since the last job run or if it hasn’t been launched yet. Otherwise, the button won’t be active.
In addition, we’ve added a key platform experience improvement when creating jobs. Security performers can now use the Search field in the Content List drop-down to find easier and faster the specific list they want this job to link to.
Also, with this latest Continuous Content Management release, we’ve made a couple of enhancements to the Filters page:
- The My tab now doesn’t display filters created by the Threat Detection Marketplace Admins that should appear only under the Global tab
- The Global tab now correctly displays the “SOC Prime Team” as the author of this filter category under the Created By and Last Update By columns
Custom Field Mapping Updates
To ensure a consistent look and feel across all our Automation capabilities section, with this release, we’ve made the Custom Field Mapping page similar to the Filters functionality. We’ve added three separate mapping categories depending on the user access privileges. Security performers leveraging the Custom Field Mapping tool can now see three separate tabs:
- My — mapping profiles created for certain platforms by the specific user and not shared across the company
- Company — company-wide mapping profiles shared across all company users
- Global — global mapping profiles created by the Threat Detection Marketplace Admins who can select which companies will have access to these profiles. Global mapping profiles can only be viewed or copied by users without Admin privileges
Threat Detection Marketplace users can manage My and Company mapping profiles in the following ways:
When creating or editing a new mapping profile, security performers can also choose to share it across their company or change its access to the private one by selecting the corresponding checkbox in the profile settings.
The existing Custom Field Mapping profile can also be selected right from the rule page and updated on the fly. Similarly, a new profile can be seamlessly created by clicking the Add new Custom Field Mapping option from the Data Schema drop-down list on the selected platform and content type tab.
Subscribe to Threat Detection Marketplace for free and reach the most relevant SOC content items tagged with particular CVE, TTPs used by APT groups, and multiple MITRE ATT&CK® parameters. Want to craft your own Sigma rules? Join our Threat Bounty program to monetize your threat hunting skills!