Tag: SIEM & EDR

SOC Prime’s Platform Now Supports LimaCharlie4
SOC Prime’s Detection as Code Platform Now Supports LimaCharlie EDR/XDR

SOC Prime’s Detection as Code platform, the world’s largest and most advanced platform for collaborative cyber defense, integrates with 25+ SIEM, EDR, and XDR formats and continuously broadens the support for cloud-based cybersecurity solutions. We are thrilled to announce SOC Prime’s integration with LimaCharlie enabling security professionals to obtain the most relevant detection content tailored […]

Read More
Overcoming Data Schema Complexity
Overcoming Data Schema Complexity for Your SIEM & XDR with the SOC Prime’s Continuous Content Management Module

Security monitoring teams can bypass significant efforts tied to event data normalization by directly deploying schema-aware detection rules with the SOC Prime’s Continuous Content Management module. Today’s cybersecurity landscape is overwhelmed with SIEM systems, EDR, NTDR & SOAR tools, next-gen XDR solutions, and innovative approaches navigating businesses through technology bottlenecks. Organizations tend to keep up […]

Read More
Enable Continuous Content Management with the SOC Prime Platform

With the release of the SOC Prime Platform for collaborative cyber defense, threat hunting, and threat discovery, the capabilities to fully automate detection content streaming have been also taken to a new level. Now, the Continuous Content Management module is available to all users registered on the SOC Prime Platform with a corporate email address, […]

Read More
SOC Prime’s Innovation for Collaborative Cyber Defense

Technical Highlights of the New SOC Prime Platform On September 14th, SOC Prime launches the platform for collaborative cyber defense, threat hunting, and threat discovery. The platform helps to detect threats easier, faster, and simpler by leveraging the de facto industry standard for Detection as Code languages (Sigma and Yara-L), the cutting-edge dynamically prioritized MITRE […]

Read More
Creating Google Chronicle Rules in Your Environment

Step-by-Step Guidelines SOC Prime continuously evolves partnership with Chronicle to provide Threat Detection Marketplace users leveraging Google Cloud’s security analytics platform with curated YARA-L 2.0 detections tailored to hunt out threats at Google speed. Currently, our Detection as Code platform offers 500+ Community YARA-L rules written by the SOC Prime Team. Also, Chronicle customers can […]

Read More
Creating Microsoft Azure Sentinel Rules in Your SIEM Instance

SOC Prime Threat Detection Marketplace provides access to 6,000+ Microsoft Azure Sentinel detections, including Queries, Rules, Functions, and Incident Response Playbooks mapped directly to MITRE ATT&CK® to match your organization-specific needs. You can seamlessly find the most relevant detections by applying the Microsoft sorting option and deploy content in a matter of clicks to your […]

Read More
SIEM Fundamentals (Part 1): First and Foremost, A Data Collection Problem

Introduction The goal of this series is to put readers in the right mindset when thinking about SIEM and describe how to set themselves up for success. While I’m not a Data Scientist and don’t claim to be, I can confidently say that expecting results in security analytics without first having “good data” to work with is folly. This is why […]

Read More
Short-Cutting the Threat Hunting Process

Why Short-Cut The Threat Hunting Process? As with any security operations endeavor, we want to balance efficacy and efficiency to produce the best results with the smallest amount of resources. Unfortunately, Threat Hunting is often seen as a ‘luxury’, reserved only for the most advanced sec-ops teams with ample budgets to fund expert resources and […]

Read More
Threat Hunting Basics: Getting Manual

The purpose of this blog is to explain the necessity for manual (non-alert based) analysis methods in threat hunting. An example of effective manual analysis via aggregations/stack counting is provided. Automation Is Necessary Automation is absolutely critical and as threat hunters we must automate where possible as much as possible. However, automation is built on […]

Read More
Uncoder.io User Guide

Introduction to Sigma Sigma, created by Florian Roth and Thomas Patzke, is an open source project and initiative for creating a structured language for SIEM detection content. The concept is analogous to YARA for file-based detections, SNORT for IDS, and STIX for threat intelligence. However, Sigma takes this one step further by abstracting detection concepts […]

Read More