Tag: How to

Azure Sentinel Definitive Guide: Diving In Microsoft’s Cloud Platform

Gain insights into the comprehensive Azure Sentinel overview and find out why Microsoft’s platform stands out from other popular SIEMs and how to smoothly get started to boost cyber defense capabilities. There is a growing trend toward moving from legacy on-premise security solutions to the cloud, which allows organizations to reduce costs on the infrastructure, […]

Read More
Creating Google Chronicle Rules in Your Environment

Step-by-Step Guidelines SOC Prime continuously evolves partnership with Chronicle to provide Threat Detection Marketplace users leveraging Google Cloud’s security analytics platform with curated YARA-L 2.0 detections tailored to hunt out threats at Google speed. Currently, our Detection as Code platform offers 500+ Community YARA-L rules written by the SOC Prime Team. Also, Chronicle customers can […]

Read More
Creating Microsoft Azure Sentinel Rules in Your SIEM Instance

SOC Prime Threat Detection Marketplace provides access to 6,000+ Microsoft Azure Sentinel detections, including Queries, Rules, Functions, and Incident Response Playbooks mapped directly to MITRE ATT&CK® to match your organization-specific needs. You can seamlessly find the most relevant detections by applying the Microsoft sorting option and deploy content in a matter of clicks to your […]

Read More
SOC Prime Integration with Microsoft Azure Sentinel, New Features

All SOC Prime Team is currently working remotely (hope you do the same) but such conditions didn’t influence our effectiveness and striving to improve Threat Detection Marketplace (TDM) platform. In this blog we’re thrilled to announce SOC Prime’s 4 new TDM features that come thanks to our 3d party integration with Microsoft Azure Sentinel, which […]

Read More
Elastic for Security Analysts. Part 1: Searching Strings.

Purpose: With Elastic increasing their foothold in the cybersecurity space through the speed and scalability of their solution, we expect more new Elastic users. These users will approach Elastic armed with an intuition built from experience with other platforms and SIEMs. Often this intuition will be directly challenged after a few searches in Elastic. The […]

Read More
Short-Cutting the Threat Hunting Process

Why Short-Cut The Threat Hunting Process? As with any security operations endeavor, we want to balance efficacy and efficiency to produce the best results with the smallest amount of resources. Unfortunately, Threat Hunting is often seen as a ‘luxury’, reserved only for the most advanced sec-ops teams with ample budgets to fund expert resources and […]

Read More
SOC Prime Threat Detection Marketplace – Getting Ready to Explore

SOC Prime Threat Detection Marketplace (SOC Prime TDM) is a community-based library of relevant and actionable threat detection content that has been uniting cybersecurity content authors to stand on the defensive of cyberspace to deliver the best content to the community for more than five years already. SOC Prime TDM provides ready-made tested Rule Packs, […]

Read More
Threat Hunting Basics: Getting Manual

The purpose of this blog is to explain the necessity for manual (non-alert based) analysis methods in threat hunting. An example of effective manual analysis via aggregations/stack counting is provided. Automation Is Necessary Automation is absolutely critical and as threat hunters we must automate where possible as much as possible. However, automation is built on […]

Read More
Uncoder.io User Guide

Introduction to Sigma Sigma, created by Florian Roth and Thomas Patzke, is an open source project and initiative for creating a structured language for SIEM detection content. The concept is analogous to YARA for file-based detections, SNORT for IDS, and STIX for threat intelligence. However, Sigma takes this one step further by abstracting detection concepts […]

Read More
Sigma Rules Guide for ArcSight

Introduction to Sigma Sigma, created by Florian Roth and Thomas Patzke, is an open source project to create a generic signature format for SIEM systems. The common analogy is that Sigma is the log file equivalent of what Snort is to IDS and what YARA is for file based malware detection. However, unlike Snort and […]

Read More