Sigma Rules Search Engine for Threat Detection, Threat Hunting, and CTI

>_Community DrivenAI[for]CyberDefenders

One Live Community for Collective Cyber Defenders

Stay Ahead of the Curve

How do the world’s largest brands and mission-critical organizations overcome the challenges of threat complexity & the cybersecurity talent shortage? They make security operations Sigma-enabled, future-proof the team’s hard skills, and break through dependency on the SIEM & EDR tech stack while taking its cost efficiency to the limit. Sounds like a dream come true? Read on for the full story on the future of Collective Cyber Defense.

Learn more

Backed by

We believe that our investors reflect and share our team’s core values, a commitment to a better, safer cyber world, through technology, innovation, diversity and privacy. Together, we are building an Open Core company, with an international community at its heart.

DNX Ventures is an early stage VC firm focusing on B2B Startups . We partner with teams that are shaping industries and transforming the way we live and work. We invest in startups solving the biggest challenges for enterprise companies within SaaS/Cloud, Cybersecurity, Deeptech, Sustainability, Hardware, Retail, Finance sectors, and more.https://www.dnx.vc

Streamlined VC is passionate about working with visionary founders to help them create exceptional companies and help them capture as much of that value for themselves as possible – they deserve it! If we stay true to our beliefs and are good at what we do, then we will benefit too.https://www.streamlined.vc/philosophy

Rembrandt Venture Partners bring an operational perspective to their investments, recognizing that growth is not without significant challenges and building businesses is hard. The RVP team brings over 30 years of “C-Level” operating experience and over 60 years of venture capital investing experience.https://rembrandtvc.com/

Atlantic Bridge is a Growth Equity Firm with a Cross Border Value Add strategy. Our team is made up of successful entrepreneurs and senior technology industry executives and we invest in strong ambitious entrepreneurs and management teams that have the passion and drive to scale up and exploit major growth opportunities. https://abven.com/

J-Ventures is a community-driven global venture capital fund of top investors, executives, and founders. Based in Silicon Valley, we operate as a collaborative community of leaders with shared values and a strong network of connected capital.https://www.j-ventures.com/

Code Your Future CV

Let your threat research speak for you. We’re all too busy with our daily work to do test tasks for job applications, and yet it is impossible to test the hard skills of a cyber defender without performing practical tasks. Let your Sigma and ATT&CK knowledge translate into your CV. The one that your peers welcome, understand, and accept. Hard skills make you a professional, soft skills make a great team.

Join Threat Bounty >

#1 Threat Detection Marketplace

Defending over 155 countries, with top rules getting 1,500+ unique downloads, this is the way since 2015. Named “Spotify for Cyber Threats” by TechCrunch and backed for $11.5 million lead by one of the most recognizable Silicon Valley funds, DNX Ventures (Cylance, ICEYE). Three mentions by Gartner as a Cool Vendor for 2H 2019 and 2020 & 2021 SIEM Magic Quadrants.

Shared Expertise

Imagine the code you wrote helps to detect emerging cyber attacks or prevent a power grid outage. We partner with private businesses and cyber defense agencies including NCSC and CERT teams, and provide pro bono consulting to SSSCIP in Ukraine, to test Sigma rules on the real battlefield. In 2022, we started to work with leading Ukrainian universities to train students on Sigma and ATT&CK to bolster the ranks of cyber defenders. This initiative is scaling globally and your contribution makes a difference.

Earn Money

Get bounty for the quality and speed of your work, not for finding bugs. Your thoughtful threat research takes time and is worth a recurring payout. And nothing compares to the rush of helping thousands of cyber defenders and for an extra one-time reward. To keep it easy, bounty is delivered via Stripe and PayPal.

Earn Money with Threat Bounty >

Reviews

4.9
Driven by the community feedback and cutting-edge technologies, we bring the best user experience

12
Our Detection as Code platform receives independent feedback from security experts worldwide

83%
We support and deliver detection and response capabilities to all industries across the globe

Transform
Your SOC with AI

At the core of each threat detection capability lies the combination of timely data and algorithms to find evil. Since 1999, these challenges are addressed with Log Analytics and SIEM systems, generating security alerts. Two decades have passed and most of SIEM tech will help you to deploy hundreds of rules for alerting, while data lakes and built-in fast search databases will extend this with support of a few thousand of threat hunting queries. It is with AI, that we can augment those capabilities to monitor hundreds of thousands of malicious behavior patterns, anomalies and emerging threats, while avoiding double taxation on cost, keeping our privacy and data. SOC Prime delivers AI capabilities to any SOC as SaaS or on premise, as Content.

Green & Responsible

Moving algorithms is orders of magnitude less compute taxing than moving terabytes of data. Which is exactly what SOC Prime is doing: we research emerging threats with help of our community, code detections into rules, queries and AI models, and deliver them to you, instead of asking for your data, duplicating it to our cloud or systems. We always train on premise, so that yours and ours datasets are private and don’t leak to 3rd parties. We will design the most compute efficient way for detecting all the latest threats at your organization, so that we can spare those CPU cycles and help the Planet to carry on.

Open Core

SOC Prime works with a number of open source projects, and contributes feedback and code back, being an Open Core company. In 2023, we have open sourced Uncoder AI, our co-pilot for Detecting Engineering, which can be operated air gapped, or in the cloud, with the latter benefiting from centralization features. Next plans include integrating Uncoder with MITRE TRAM, an open source Apache 2.0 project for language recognition and CTI analysis. With coming up private AI models, we are also sharing the code to operate them.

Zero Trust Architecture

The best way to keep data secret is not to collect it at all. That is why SOC Prime gives detection algorithms to you and does not ask for any of your potentially sensitive data back. Here is our SOC 2 Type II report and GDPR statement to back this claim. We run on Zero Trust Architecture, and put our trust in partnership with you.

No Backchannel

You are in complete control of what feedback you want to share if any at all. We do not ask for root permissions, VPN access to your environments, or your log data. If you’d like to give back to the community, you can do so by commenting on the rule, rating it manually, or via our Discord channel.

Beyond Encryption

No logging, IP or host information shared with third parties. AES-256 & TLS 1.2, Microservice-based architecture, personnel background check, access control, Amazon AWS hosting. We build the platform exceeding security standards to protect the very limited personal data we have on you. And you can always invoke the right to be forgotten, regardless of your location.

ONE
Framework
Platform
Language
UI
for All Cyber Defenders

Powered by

Privacy, transparency, speed and security are at the core of SOC Prime technology. We use the best tech stack with focus on open source, for the maximum benefit of our community, while advancing innovation in cybersecurity.

We run Apache 2.0 licensed RAPIDS AI framework for training at our on premise hardware, which massively helps to accelerate training time, while maintaining privacy of our dataset and members of our Threat Bounty program. With NVIDIA backing RAPIDS has maintained a focus on open source development and collaboration with a broad community of cutting edge data science projects such as SKLearn.

We have selected AWS as our primary cloud for its speed, scalability and high availability. All SOC Prime SaaS services run on a private AWS segment, which coupled with our company’s processes has passed SOC 2 Type II certification successfully for 4 consecutive years. Some of our products, such as Uncoder and privately trained AI models are available at AWS as well as on premise and air gapped use.

In 2024 we have become the world’s first Benefactor of ATT&CK. We’ve applied ATT&CK since its beta, linked it to threat detection rules and queries in 2018, which helped to establish a massive community and launch a crowdsourcing Threat Bounty initiative. We view ATT&CK as fundamental to cyber security as the Periodic table is to physics and chemistry.

Cyber security has to work beyond fast, so to fuel our research and provide our customers with fastest search speeds for threat hunting we rely on OpenSearch. And being an Apache 2.0 open source project, it greatly contributes to our own Open Core company principles.

Threat Report ATT&CK Mapper (TRAM) is an open-source Apache 2.0 platform designed to reduce cost and increase the effectiveness of integrating ATT&CK across the CTI community. The platform works out of the box to identify up to 50 common ATT&CK techniques in text documents; it also supports tailoring the model by annotating additional items and rebuilding the model. We’ve integrated TRAM with RAPIDS to provide ML & AI capabilities to community, cloud and on premise use.

Roota is the endgame language for detection algorithm exchange, easy for newcomers and professionals alike, building up on ideas advocated by Sigma and taking them further. A public-domain language for collective cyber defense, created to make threat detection, incident response, and actor attribution simple. It acts as an open-source wrapper on top of the majority of existing SIEM, EDR, XDR, and Data Lake query languages. If you have mastered at least one specific SIEM language, with Roota you can speak them all.

Sigma rules have delivered on the mission of an easy, shareable query language, geared towards threat hunters and DFIR specialists. We’ve been leading the Sigma community since 2017, advocated its mapping to ATT&CK at the very first EU ATT&CK conference, built Uncoder.IO to provide high quality, enterprise grade translations of Sigma rules, which we have made open-source under Apache 2.0. Over 2 million of Sigma rules were downloaded from SOC Prime in 2023 alone, 70% by our own community.

Uncoder AI is a SaaS counterpart and Augmented Intelligence co-pilot of Uncoder IO, leveraged by the global cyber defender community since 2018 as an industry-first open-source IDE for Detection Engineering.

MITRE ATT&CK

One framework connecting all your industry peers. Similar to the periodic table of elements, MITRE ATT&CK is evidence-based, letting you profile, identify, and compare threat actors, and prioritize your threat detection goals.

SOC Prime has been actively leveraging ATT&CK in threat detection practices and initial cyber attack attribution to facilitate its adoption as the industry benchmark. SOC Prime invented the whole concept of tagging Sigma rules with ATT&CK and applied it to the public NotPetya investigation and the first-pass attribution in 2017. At the very first MITRE ATT&CK EU Community workshop in 2018 in Luxembourg, we solidified the concept into practice with the support of like-minded cyber defense practitioners.

Sigma and ATT&CK, the two open-source standards, have empowered hundreds of researchers to describe attackers’ behavior, while SOC Prime Platform made it easy to discover and analyze adversary TTPs, find blind spots in log source coverage, address existing gaps, prioritize detection procedures, and share the TTP context with peers in 45 major SIEM, EDR, and Data Lake detection languages.

START NOW

Attack Detective

Industry-first SaaS for advanced threat hunting. Validate detection stack in less than 300 seconds with an automated read-only MITRE ATT&CK® data audit, gain real-time attack surface visibility, investigate existing risks matching custom threat hunting scenarios, and prioritize detection procedures to find breaches before adversaries have a chance to attack.

GET STARTED WITH ATTACK DETECTIVE LEARN MORE

Uncoder

Spending precious time managing multiple stacks? With Uncoder.IO backed by Sigma and Roota, an open-source language for collective cyber defense, you can seamlessly speak the language of any technology. No matter how many tools you use, our open-source IDE for Detection Engineering lets anyone convert detection code to multiple SIEM, EDR, XDR, and Data Lake technologies on the fly. No registration, no limits, full privacy.

Get started with Uncoder IO >Contribute via GitHub >

An open-source language for collective cyber defense. RootA is a public-domain language for collective cyber defense to make threat detection, incident response, and actor attribution simple. With Roota acting as a wrapper, cyber defenders can take a native rule or query and augment it with metadata to automatically translate the detection code into any SIEM, EDR, XDR, and Data Lake languages. And if you have mastered a specific cybersecurity language, with RootA and Uncoder IO, you can speak them all.

LEARN MORE CONTRIBUTE VIA GITHUB

name: Possible Credential Dumping Using Comsvcs.dll (via cmdline)
details: Adversaries can use built-in library comsvcs.dll to dump credentials
on a compromised host.
author: SOC Prime Team
severity: high
type: query
class: behaviour
date: 2020-05-24
mitre-attack: t1003.001
timeline:
    2022-04-01 - 2022-08-08: Bumblebee
    2022-07-27: KNOTWEED
    2022-12-04: UAC-0082, CERT-UA#4435
logsource:
    product: Windows                # Sigma or OCSF product
    log_name: Security              # OCSF log name
    class_name: Process Activity    # OCSF class
    #category:                      # Sigma category
    #service:                       # Sigma service
    audit:
      source: Windows Security Event Log
      enable: Computer Configuration -> Windows Settings -> Security Settings -> Advanced Audit Policy Configuration -> System Audit Policies -> Detailed Tracking -> Audit Process
detection:
    language: splunk-spl-query
    body: index=* ((((process="*comsvcs*") AND (process="*MiniDump*")) OR ((process="*comsvcs*") AND (process="*#24*"))) OR ((process="*comsvcs*") AND (process="*full*")))
references:
    - https://badoption.eu/blog/2023/06/21/dumpit.html
tags: Bumblebee, UAC-0082, CERT-UA#4435, KNOTWEED, Comsvcs, cir_ttps, ContentlistEndpoint
license: DRL
version: 1
uuid: 151fbb45-0048-497a-95ec-2fa733bb15dc
#correlation: [] # extended format
#response: []    # extended format

title: UMWorkerProcess Creating Unusual Child Process (via process_creation)
status: stable
description: Detects UMWorkerProcess.exe creating unexpected processes. Possible related to exploitation of CVE-2021-26857.
author: SOC Prime Team, Microsoft
references:
    - https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/
    - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26857
    - https://www.rapid7.com/blog/post/2022/09/29/suspected-post-authentication-zero-day-vulnerabilities-in-microsoft-exchange-server/
tags:
    - attack.initial_access
    - attack.t1190
logsource:
    category: process_creation
    product: windows
detection:
    selection:
        ParentImage|endswith:
            - 'UMWorkerProcess.exe'
    filter:
        Image|endswith:
            - 'wermgr.exe'
            - 'WerFault.exe'
            - 'UMWorkerProcess.exe'
    condition: selection and not filter
falsepositives:
    - unknown
level: medium

Indicators of compromise:

Files:

2b88885fb57e28497522238bd8f8befc
8ddd681dd834ab66f6a1c00ba2830717bf845de5639708eb8e8ab795ffd1df5a ps (SOCKS5)
5d9a661f35d4e136d389bea878c4252f
eb01925836eed1dbd85a8ab9aa05c5c45dc051abaae9e67db3a53489d776b6c2 pam_unix.so (POEMGATE)
20a07ba71cab0f92c566b31e96fdf0e8
9060ca8e829fc136d1ecd95a5204abb48f3ce5b7339619c5668c7e176dcbb235 pam_unix.so (POEMGATE)
a74dbcae530f52f62cbdcef3dc18feee
e9c5dc9cec95f31cea2eb88cc26a35d29c5f89f23bff6a7cfa1250dec6d5701a pam_unix.so (POEMGATE)
45fad72d370ff88c5b349cb741cc26ce
8fb3ed6261a2358e0890bfd544e515af232f87d3aef947e09f640da7cc1b89d9 wccrt (WHITECAT)
59f2c3f6e4baf721c02a66179147241a
0e24a1268212a790bc3993750f194ac1e0996a6770b32b498341f06abac45d81 libs.so (POSEIDON)
75cde685cd3f00f354155e3c433698c7
e4cff7071e184e3f1bfedfe30afa52ddd2cac1a00983508d142e51ecebfcba14 .1
61b70767326387f141a18e2fbb250a68
b5ec1d43462a770d207eefb906516631e4d80eea55779509616b58b39a764455 script.txt
302f158ca6f6094e90bd43f7748dd65f
65c880f2a3833898c54d7f48ee0709a13887376b2ea5bc933b2e70f29614e728 scan.sh
Network:

eurotelle11[.]com
(IP addresses used for SSH/VPN access)
103[.]251.167.20
103[.]251.167.21
104[.]244.72.8
107[.]189.30.69
139[.]99.237.205
146[.]59.233.33
146[.]59.35.246
156[.]146.63.139
158[.]118.218.193
162[.]247.73.192
162[.]247.74.201
162[.]247.74.206

Sigma

One language to describe any adversary TTP and translate it to any detection code. With Sigma rules, we express threat detection by focusing on behavior and the algorithm itself, cutting the rope to SIEM & EDR query language.

The Prime Hunt

Concentrate on the hunt itself, by breaking through UI limitations. The Prime Hunt is an open-source browser extension to quickly convert, apply and customize Sigma rules across the widest stack of SIEM and EDR. A fresh project launched in October 2022, with plans to embed Uncoder.IO, feedback loops, and anything you can imagine. Be part of the story, and contribute with a pull request at GitHub.

Contribute via GitHub >

Proactive Cyber Defense

The world stands on the brink of a global cyber war. Each side is trying to learn about a new software or configuration flaw so they can have the first-strike advantage. The side that can weaponize and strike first will have a clear upper hand. The defenders, in turn, need to understand the risk, prioritize actions, and then implement a detection and mitigation strategy. The blue team has the odds stacked against them. To overcome these, we can do one thing that the attackers cannot – we can defend together and improve our chances for success.

Faster Than Attackers

With MITRE ATT&CK, the global community of cyber defenders retrospectively describes every common method used in cyber attacks. Meanwhile, the invention of Sigma rules allowed defenders to describe every used and potentially usable attack behavior and logic through the detection code. By fusing ATT&CK and Sigma, we’ve created a knowledge base that is updated every minute and is searchable by defenders at sub-second performance. This presents an opportunity for defenders to learn about threats faster, prioritize in minutes, deploy detection code in an automated fashion and focus their effort on operations and preparing mitigation before adversaries have a chance to attack.

Master the Timeline

Assembling a threat timeline takes time. That’s why we automated it. Complete threat context is now at your fingertips, including: detection code, threat intelligence, CVE descriptions, exploit POCs along with mitigation and media links.

24-hour Threat Coverage

When detecting critical threats, you have no time to spare. Backed by our crowdsourcing initiative, we run follow-the-sun detection engineering operations leaving no chance for emerging threats, exploits, or TTPs to go undetected on your watch.

Hyperscale SIEM Migration

Backed by SOC Prime’s Expertise-as-a-Service and Uncoder AI, you can smoothly navigate the migration challenges and hyperscale your next-gen SIEM adoption. Rely on AI SIEM migration to accelerate the transition of your SIEM and EDR rules and queries. Expand your detection capabilities with Data Lakes. Streamline the onboarding of MDR services, complementing your existing analytics setup. Leverage the diverse SOC Prime partner ecosystem to strengthen your Threat Hunting and Detection Engineering strategies, ensuring rapid scalability and ongoing SOC efficiency enhancement.

START AI SIEM MIGRATION JOURNEY

Splunk Migration & Support

Maximize your Splunk ROI and accelerate time to value while increasing threat detection & hunting velocity with SOC Prime’s professional services. Considering Splunk migration to a new-scale SIEM? Supercharge the migration journey powered by Uncoder AI to smoothly translate and transition terabytes of data while saving up to 3 months of time on your migration project.

LEARN MORE

Name	Descripiton
PHPSESSID	Preserves user session state across page requests. Cookie generated by applications based on the PHP language. This is a general purpose identifier used to maintain user session variables. It is normally a random generated number, how it is used can be specific to the site, but a good example is maintaining a logged-in status for a user between pages.
sp_i	Used to store information about authenticated User.
sp_r	Used to store information about authenticated User.
sp_a	Used to store information about authenticated User.

Name	Descripiton
tuuid	Collects anonymous data related to the user's visits to the website, such as the number of visits, average time spent on the website and what pages have been loaded.
tuuid_last_update	Collects anonymous data related to the user's visits to the website, such as the number of visits, average time spent on the website and what pages have been loaded.
um	Collects anonymous data related to the user's visits to the website, such as the number of visits, average time spent on the website and what pages have been loaded.
umeh	Collects anonymous data related to the user's visits to the website, such as the number of visits, average time spent on the website and what pages have been loaded.
na_sc_x	Used by the social sharing platform AddThis to keep a record of parts of the site that has been visited in order to recommend other parts of the site.
APID	Collects anonymous data related to the user's visits to the website.
IDSYNC	Collects anonymous data related to the user's visits to the website.
_cc_aud	Collects anonymous statistical data related to the user's website visits, such as the number of visits, average time spent on the website and what pages have been loaded. The purpose is to segment the website's users according to factors such as demographics and geographical location, in order to enable media and marketing agencies to structure and understand their target groups to enable customised online advertising.
_cc_cc	Collects anonymous statistical data related to the user's website visits, such as the number of visits, average time spent on the website and what pages have been loaded. The purpose is to segment the website's users according to factors such as demographics and geographical location, in order to enable media and marketing agencies to structure and understand their target groups to enable customised online advertising.
_cc_dc	Collects anonymous statistical data related to the user's website visits, such as the number of visits, average time spent on the website and what pages have been loaded. The purpose is to segment the website's users according to factors such as demographics and geographical location, in order to enable media and marketing agencies to structure and understand their target groups to enable customised online advertising.
_cc_id	Collects anonymous statistical data related to the user's website visits, such as the number of visits, average time spent on the website and what pages have been loaded. The purpose is to segment the website's users according to factors such as demographics and geographical location, in order to enable media and marketing agencies to structure and understand their target groups to enable customised online advertising.
dpm	Via a unique ID that is used for semantic content analysis, the user's navigation on the website is registered and linked to offline data from surveys and similar registrations to display targeted ads.
acs	Collects anonymous data related to the user's visits to the website, such as the number of visits, average time spent on the website and what pages have been loaded, with the purpose of displaying targeted ads.
clid	Collects anonymous data related to the user's visits to the website, such as the number of visits, average time spent on the website and what pages have been loaded, with the purpose of displaying targeted ads.
KRTBCOOKIE_#	Registers a unique ID that identifies the user's device during return visits across websites that use the same ad network. The ID is used to allow targeted ads.
PUBMDCID	Registers a unique ID that identifies the user's device during return visits across websites that use the same ad network. The ID is used to allow targeted ads.
PugT	Registers a unique ID that identifies the user's device during return visits across websites that use the same ad network. The ID is used to allow targeted ads.
ssi	Registers a unique ID that identifies a returning user's device. The ID is used for targeted ads.
_tmid	Registers a unique ID that identifies the user's device upon return visits. The ID is used to target ads in video clips.
wam-sync	Used by the advertising platform Weborama to determine the visitor's interests based on pages visits, content clicked and other actions on the website.
wui	Used by the advertising platform Weborama to determine the visitor's interests based on pages visits, content clicked and other actions on the website.
AFFICHE_W	Used by the advertising platform Weborama to determine the visitor's interests based on pages visits, content clicked and other actions on the website.
B	Collects anonymous data related to the user's website visits, such as the number of visits, average time spent on the website and what pages have been loaded. The registered data is used to categorise the users' interest and demographical profiles with the purpose of customising the website content depending on the visitor.
1P_JAR	These cookies are used to gather website statistics, and track conversion rates.
APISID	Google set a number of cookies on any page that includes a Google reCAPTCHA. While we have no control over the cookies set by Google, they appear to include a mixture of pieces of information to measure the number and behaviour of Google reCAPTCHA users.
HSID	Google set a number of cookies on any page that includes a Google reCAPTCHA. While we have no control over the cookies set by Google, they appear to include a mixture of pieces of information to measure the number and behaviour of Google reCAPTCHA users.
NID	Google set a number of cookies on any page that includes a Google reCAPTCHA. While we have no control over the cookies set by Google, they appear to include a mixture of pieces of information to measure the number and behaviour of Google reCAPTCHA users.
SAPISID	Google set a number of cookies on any page that includes a Google reCAPTCHA. While we have no control over the cookies set by Google, they appear to include a mixture of pieces of information to measure the number and behaviour of Google reCAPTCHA users.
SID	Google set a number of cookies on any page that includes a Google reCAPTCHA. While we have no control over the cookies set by Google, they appear to include a mixture of pieces of information to measure the number and behaviour of Google reCAPTCHA users.
SIDCC	Security cookie to protect users data from unauthorised access.
SSID	Google set a number of cookies on any page that includes a Google reCAPTCHA. While we have no control over the cookies set by Google, they appear to include a mixture of pieces of information to measure the number and behaviour of Google reCAPTCHA users.
__utmx	This cookie is associated with Google Website Optimizer, a tool designed to help site owners improve their wbesites. It is used to distinguish between two varaitions a webpage that might be shown to a visitor as part of an A/B split test. This helps site owners to detemine which version of a page performs better, and therefore helps to improve the website.
__utmxx	This cookie is associated with Google Website Optimizer, a tool designed to help site owners improve their wbesites. It is used to distinguish between two varaitions a webpage that might be shown to a visitor as part of an A/B split test. This helps site owners to detemine which version of a page performs better, and therefore helps to improve the website.

Name	Descripiton
_hjid	Hotjar cookie. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the random user ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.
_hjIncludedInSample	This cookie is associated with web analytics functionality and services from Hot Jar, a Malta based company. It uniquely identifies a visitor during a single browser session and indicates they are included in an audience sample.
intercom-id-[xxx]	This cookie is used by Intercom as a session so that users can continue a chat as they move through the site.
intercom-session-[xxx]	Used to keeping track of sessions and remember logins and conversations.
demdex	Via a unique ID that is used for semantic content analysis, the user's navigation on the website is registered and linked to offline data from surveys and similar registrations to display targeted ads.
CookieConsent	Stores the user's cookie consent state for the current domain.
__cfduid	Used by the content network, Cloudflare, to identify trusted web traffic.
ss	These cookies enable the website to provide enhanced functionality and personalisation . They may be set by us or by third party providers whose services we have added to our pages. These services may include the Live Chat facility, Contact Us form(s), the Product Quotation forms and submission process, and the Email Newsletter sign up functionality .

Name	Descripiton
_ga	This cookie name is asssociated with Google Universal Analytics - which is a significant update to Google's more commonly used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page. Registers a unique ID that is used to generate statistical data on how the visitor uses the website. request in a site and used to calculate visitor, session and campaign data for the sites analytics reports. By default it is set to expire after 2 years, although this is customisable by website owners.
_gat	Used by Google Analytics to throttle request rate. This cookie name is associated with Google Universal Analytics, according to documentation it is used to throttle the request rate - limiting the collection of data on high traffic sites. It expires after 10 minutes.
_gid	This cookie name is asssociated with Google Universal Analytics. This appears to be a new cookie and as of Spring 2017 no information is available from Google. It appears to store and update a unique value for each page visited. Registers a unique ID that is used to generate statistical data on how the visitor uses the website.
IDE	Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.
r/collect	Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.
test_cookie	Used to check if the user's browser supports cookies.
collect	Used to send data to Google Analytics about the visitor's device and behaviour. Tracks the visitor across devices and marketing channels.
ads/user-lists/#	These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites.
c	Registers anonymised user data, such as IP address, geographical location, visited websites, and what ads the user has clicked, with the purpose of optimising ad display based on the user's movement on websites that use the same ad network.
khaos	Registers anonymised user data, such as IP address, geographical location, visited websites, and what ads the user has clicked, with the purpose of optimising ad display based on the user's movement on websites that use the same ad network.
put_#	Registers anonymised user data, such as IP address, geographical location, visited websites, and what ads the user has clicked, with the purpose of optimising ad display based on the user's movement on websites that use the same ad network.
rpb	Registers anonymised user data, such as IP address, geographical location, visited websites, and what ads the user has clicked, with the purpose of optimising ad display based on the user's movement on websites that use the same ad network.
rpx	Registers anonymised user data, such as IP address, geographical location, visited websites, and what ads the user has clicked, with the purpose of optimising ad display based on the user's movement on websites that use the same ad network.
tap.php	Registers anonymised user data, such as IP address, geographical location, visited websites, and what ads the user has clicked, with the purpose of optimising ad display based on the user's movement on websites that use the same ad network.