SOC Prime Threat Detection Marketplace Product Overview
- About SOC Prime Threat Detection Marketplace
- Pros of SOC Prime Threat Detection Marketplace
- Cons of SOC Prime Threat Detection Marketplace
- Breakdown of core features
SOC Prime Threat Detection Marketplace product overview
SOC Prime Threat Detection Marketplace (TDM) is a SaaS content platform and cyber community that provides detection, enrichment, integration, and automation algorithms to translate big data, logs, and cloud telemetry into actionable cybersecurity signals. SOC Prime TDM equips security professionals with detection content, including 55k+ SIEM and EDR rules, search queries, Snort rules, and YARA rules, all tailored to work directly in the environment that fits customer needs. The platform provides rules, parsers, and Machine Learning models covering the latest threats, cloud security monitoring, and proactive exploit detection, including Sigma rules with custom translations that are updated daily and streamed via an API. SOC Prime TDM is an early adopter of the Sigma language and collaborates with a global community of 300+ security researchers. Offering Sigma content makes security content development scalable, since Sigma is a generic, open SIEM signature format that can be applied across various solutions. SOC Prime provides detection-specific content mapped directly to the MITRE ATT&CK® framework, enabling organizations to apply content focused on the threats and vulnerabilities most relevant to their business.
Pros of SOC Prime
With SOC Prime TDM, companies can detect and respond to cyber threats at the earliest stages of the threat lifecycle, strengthening their resources against attacks and reducing the number of false-positive incidents. Mapping 94% of the TDM content to the ATT&CK framework allows organizations to gain quick wins in security analytics through tactical implementation of detection content matching their threat profile.
By applying the generic Sigma rule language, TDM streamlines research, development, and implementation of detection content for multiple SIEM and EDR platforms. The Custom Data Schema/Sigma Field Mapping feature allows customizing Sigma translations for various environments and prevents potential parsing errors that are quite common during complex manual mapping configuration.
Cons of SOC Prime
One challenge a new TDM user might face is a somewhat steep learning curve, since the platform is aimed at a tech-savvy audience. Still, SOC Prime is constantly looking for ways to make onboarding and more advanced use of the platform accessible, supporting users with in-depth documentation, tutorial videos, live product demos, and expert sessions.
Breakdown of core features
MITRE ATT&CK mapping
More than 94% of the TDM content is mapped directly to the MITRE ATT&CK framework, which helps organizations choose content that matches their unique threat profile. Mapping content to ATT&CK also reflects the quality and topicality of the detections crafted by the SOC Prime Team and Threat Bounty Program developers. The MITRE ATT&CK page at TDM covers all available Techniques, Actors, and Tools mapped to the TDM content. The platform uses color-coding to mark content that matches a certain ATT&CK Technique for detecting threats (Blue Team), simulating attacks (Red Team), or both (Purple Team). Selecting a Technique allows drilling down into its details: the Actors and Tools applying this Technique, the log sources required to detect it, and the rules matching this particular Technique. TDM search capabilities make the most of continuous tagging for filtering content by threat Actors, Techniques, Tools, and other ATT&CK attributes.
Rule Master
Rule Master is a pre-generated filtering feature that streamlines the TDM content search by tailoring search results to the actual log sources in a particular environment. With Rule Master configured, TDM users no longer need to manually set up basic filters for their available log sources and platform specifics each time they search for content. The feature allows customizing basic settings tied to a particular platform, application, or network equipment. Delving deeper into the expert settings, search results can be tailored by ATT&CK attributes, such as Tools, Actors, and Techniques, or narrowed down to the log and data sources available in a certain environment by the Category, Vendor, and EventID parameters. The Rule Master filtering functionality automates the search process by focusing on the most relevant content.
Sigma Field Mapping
This feature allows building a custom mapping configuration for most log sources and platforms that can be automatically applied to Sigma rules at TDM. A newly redesigned flow allows smoothly switching between platforms and customizing Sigma translations for various environments. Custom translations are automatically applied to the rule's log-source field names. This streamlines the custom field mapping process and helps avoid parsing issues.
Support and onboarding
SOC Prime TDM has invested substantially in customer support resources to make sure that all community members can smoothly get started with the platform and dive deeper into its functionality. The Help Center resources deliver smooth onboarding, from an interactive getting-started guide that helps newcomers settle in quickly to a more detailed how-to guide with a comprehensive overview of the core platform functionality. Apart from that, there are tutorial videos that show the platform in action, and the Support Team can be contacted to address the most pressing issues and concerns. For community members who wish to explore the platform's capabilities together with TDM experts, scheduling a call for a live product demo is the best option. All Premium subscriptions provide SLA support and offer guided remote Customer Success sessions with an expert in a particular SIEM technology.
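As an added illustration of the Sigma translation and field-mapping idea described above (example code written for this page, not SOC Prime's own translator), the following Python handles one selection block of a Sigma-style rule, applies a per-backend field mapping, and rejects any field the target schema does not index before the query ever reaches the SIEM. The rule, the mapping tables and the backend schemas are constructed samples, and the output query syntax is a simple `field:"pattern"` form chosen for the example.

```python
# Added example (not SOC Prime TDM code): translate one Sigma-style selection block
# into a simple backend query, applying a per-environment field mapping and
# rejecting fields the target schema does not index. Rule, mappings and schemas
# are constructed for this illustration.
from typing import Dict, Set, Tuple

RULE = {  # constructed Sigma-style rule (one selection block, AND-combined)
    "title": "PowerShell with encoded command (constructed sample)",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {"Image|endswith": "\\powershell.exe",
                      "CommandLine|contains": "-EncodedCommand"},
        "condition": "selection",
    },
}
# Sigma field -> backend field, per environment (constructed, not a real TDM mapping)
FIELD_MAPS: Dict[str, Dict[str, str]] = {
    "ecs": {"Image": "process.executable", "CommandLine": "process.command_line"},
    "sysmon_raw": {},  # this backend already uses Sigma's Windows field names
}
# Fields each backend actually indexes (constructed)
SCHEMAS: Dict[str, Set[str]] = {
    "ecs": {"process.executable", "process.command_line", "process.name"},
    "sysmon_raw": {"Image", "CommandLine", "ParentImage"},
}

def translate_clause(spec: str, value: str, field_map: Dict[str, str]) -> Tuple[str, str]:
    """Return (backend_field, clause) for one Sigma 'Field|modifier': value pair."""
    field, _, modifier = spec.partition("|")
    target = field_map.get(field, field)          # unmapped fields pass through as-is
    v = value.replace("\\", "\\\\").replace('"', '\\"')  # escape for the query string
    patterns = {"": f'"{v}"', "contains": f'"*{v}*"',
                "endswith": f'"*{v}"', "startswith": f'"{v}*"'}
    if modifier not in patterns:
        raise ValueError(f"unsupported Sigma modifier: {modifier}")
    return target, f"{target}:{patterns[modifier]}"

def translate(rule: dict, backend: str) -> str:
    """Translate the rule for one backend; fail early on a field the schema lacks."""
    if rule["detection"]["condition"] != "selection":
        raise ValueError("this example handles only 'condition: selection'")
    clauses = []
    for spec, value in rule["detection"]["selection"].items():
        target, clause = translate_clause(spec, value, FIELD_MAPS[backend])
        if target not in SCHEMAS[backend]:  # the mismatch a manual mapping would miss
            raise KeyError(f"{backend}: field '{target}' is not in the schema; "
                           f"add a mapping for '{spec.split('|')[0]}'")
        clauses.append(clause)
    return " AND ".join(clauses)
```

Running `translate(RULE, "ecs")` and `translate(RULE, "sysmon_raw")` yields two backend-specific queries from the same rule; a rule that references `ParentImage` against the `ecs` backend fails with a KeyError naming the field that needs a mapping.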
(Last updated on 06/09/2020 by Marshall Bright)