socprime.com (52.58.83.171)
urlscan public scan
Submitted URL: http://socprime.com/
Effective URL: https://socprime.com/
Submission: On November 14 via manual from US — Scanned from DE
Form analysis: 0 forms found in the DOM

Text Content
KNOW ALL ABOUT CYBER ATTACKS, ACT BEFORE THEY HIT

Search across Sigma Rules, MITRE ATT&CK®, CVE, Ransomware and Log Sources. Trending searches at the time of the scan: cve-2023-47246, cve-2023-4966, cve-2023-22518, lolbin, cve-2023-36745, t1486, t1113, cve-2023-3519, cve-2023-29357, cert.gov.ua.

CONNECTING: 30,000+ users, 600+ threat researchers, 8,000+ organizations.

TRUSTED BY: 42% of the Fortune 100, 30% of the Global 500, 21% of the Global 2000, including:
* World's top 5 consumer goods company, Fortune 500
* 3rd largest solid waste management company in the USA, Global 2000
* World's largest building society, top 3 provider of mortgages in the UK
* Leading Enterprise System Integrator and Solution Provider
* Member of the Big Four, Fortune 500 (case study)
* Global technology consulting and digital solutions company (case study)
* Named to the Top 250 MSSPs List for 2022, part of Entelgy Group (case study)
* Largest telecom provider in the UK, Fortune 500, Global 2000
* One of Canada's largest DB pension plan providers
* Top MDR in Europe, US & Asia, Trusted Introducer member (case study)
* Top US MDR provider, MISA member (case study)
* One of the UK's largest telecom & media companies, Fortune 500, Global 2000
* Top South Korean MSSP, MISA member, part of ST Telemedia Cloud
* BNP Paribas Group subsidiary, one of the largest Ukrainian banks (case study)
* Global leader in container shipping and port management, Fortune 500

STAY AHEAD OF THE CURVE

How do the world's largest brands and mission-critical organizations overcome the challenges of threat complexity and the cybersecurity talent shortage? They make security operations Sigma-enabled, future-proof the team's hard skills, and break through dependency on the SIEM & EDR tech stack while taking its cost efficiency to the limit. Sounds like a dream come true? Read on for the full story on the future of Collective Cyber Defense.

Proactive [cyber] Security, Built Together [by] Community

PROACTIVE CYBER DEFENSE

The world stands on the brink of a global cyber war. Each side is trying to learn about a new software or configuration flaw so they can have the first-strike advantage. The side that can weaponize and strike first will have a clear upper hand. The defenders, in turn, need to understand the risk, prioritize actions, and then implement a detection and mitigation strategy. The blue team has the odds stacked against them. To overcome these odds, we can do one thing that the attackers cannot: we can defend together and improve our chances for success.
FASTER THAN ATTACKERS

With MITRE ATT&CK, the global community of cyber defenders retrospectively describes every common method used in cyber attacks. Meanwhile, the invention of Sigma rules allowed defenders to describe every used and potentially usable attack behavior and logic as detection code. By fusing ATT&CK and Sigma, we've created a knowledge base that is updated every minute and is searchable by defenders with sub-second performance. This gives defenders the opportunity to learn about threats faster, prioritize in minutes, deploy detection code in an automated fashion, and focus their effort on operations and on preparing mitigation before adversaries have a chance to attack.

MASTER THE TIMELINE

Assembling a threat timeline takes time. That's why we automated it. Complete threat context is now at your fingertips, including detection code, threat intelligence, CVE descriptions, exploit POCs, and mitigation and media links. Example timeline shown on the page:
* Media: 12 Oct 2022
* CVE: 13 Oct 2022
* #threatintel: 13 Oct 2022
* Exploit: 17 Oct 2022
* Sigma Rule: 21 Oct 2022

24-HOUR THREAT COVERAGE

When detecting critical threats, you have no time to spare. Backed by our crowdsourcing initiative, we run follow-the-sun detection engineering operations, leaving no chance for emerging threats, exploits, or TTPs to go undetected on your watch.

WE KEEP YOUR SECRETS, WE RESPECT YOUR PRIVACY

ZERO TRUST ARCHITECTURE

The best way to keep data secret is not to collect it at all. That is why SOC Prime gives detection algorithms to you and does not ask for any of your potentially sensitive data back. Our SOC 2 Type II report and GDPR statement back this claim. We run on Zero Trust Architecture, and put our trust in partnership with you.

NO BACKCHANNEL

You are in complete control of what feedback you want to share, if any at all. We do not ask for root permissions, VPN access to your environments, or your log data. If you'd like to give back to the community, you can do so by commenting on the rule, rating it manually, or via our Discord channel.

BEYOND ENCRYPTION

No logging, IP or host information is shared with third parties. AES-256 and TLS 1.2, microservice-based architecture, personnel background checks, access control, Amazon AWS hosting. We build the platform to exceed security standards in order to protect the very limited personal data we have on you. And you can always invoke the right to be forgotten, regardless of your location.

ONE LANGUAGE, FRAMEWORK, UI, PLATFORM FOR ALL CYBER DEFENDERS

SIGMA

One language to describe any adversary TTP and translate it to any detection code. With Sigma rules, we express threat detection by focusing on behavior and the algorithm itself, cutting the rope to SIEM & EDR query language. The page illustrates this with one rule, shown in Sigma and as translated for Microsoft Sentinel, Splunk, QRadar, CrowdStrike, Elastic, Snowflake and Securonix (a "Show more" tab lists further formats).

Sigma:

    title: UMWorkerProcess Creating Unusual Child Process (via process_creation)
    status: stable
    description: Detects UMWorkerProcess.exe creating unexpected processes. Possibly related to exploitation of CVE-2021-26857.
    author: SOC Prime Team, Microsoft
    references:
      - https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/
      - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26857
      - https://www.rapid7.com/blog/post/2022/09/29/suspected-post-authentication-zero-day-vulnerabilities-in-microsoft-exchange-server/
    tags:
      - attack.initial_access
      - attack.t1190
    logsource:
      category: process_creation
      product: windows
    detection:
      selection:
        ParentImage|endswith:
          - 'UMWorkerProcess.exe'
      filter:
        Image|endswith:
          - 'wermgr.exe'
          - 'WerFault.exe'
          - 'UMWorkerProcess.exe'
      condition: selection and not filter
    falsepositives:
      - unknown
    level: medium

Microsoft Sentinel (KQL):

    SecurityEvent
    | where EventID == 4688
    | where (ParentProcessName endswith @'\UMWorkerProcess.exe')
        // exclude the expected Windows Error Reporting children; both must be absent
        and (NewProcessName !endswith @'\wermgr.exe' and NewProcessName !endswith @'\werfault.exe')

Splunk:

    source="WinEventLog:*" AND ((ParentImage="*\\UMWorkerProcess.exe") AND NOT ((Image="*\\wermgr.exe" OR Image="*\\werfault.exe")))

QRadar (AQL):

    SELECT UTF8(payload) from events where LOGSOURCETYPENAME(devicetype)='Microsoft Windows Security Event Log' and ("ParentImage" ilike '%\UMWorkerProcess.exe') and not (("Image" ilike '%\wermgr.exe' or "Image" ilike '%\werfault.exe'))

CrowdStrike:

    ((ParentBaseFileName="*\\UMWorkerProcess.exe") AND NOT ((ImageFileName="*\\wermgr.exe" OR ImageFileName="*\\werfault.exe")))

Elastic:

    (process.parent.executable.text:*\\UMWorkerProcess.exe AND (NOT (process.executable.text:(*\\wermgr.exe OR *\\werfault.exe))))

Snowflake:

    SELECT * FROM windows WHERE (process.parent.executable ILIKE "%\\UMWorkerProcess.exe") AND NOT (process.executable ILIKE "%\\wermgr.exe" OR process.executable ILIKE "%\\werfault.exe")

Securonix:

    index = activity AND (rg_functionality = "Microsoft Windows" AND (@sourceprocessname ENDS WITH "\UMWorkerProcess.exe") AND NOT (((@destinationprocessname ENDS WITH "\wermgr.exe" OR @destinationprocessname ENDS WITH "\werfault.exe") OR (@customstring54 ENDS WITH "\wermgr.exe" OR @customstring54 ENDS WITH "\werfault.exe"))))

MITRE ATT&CK

One framework connecting all your industry peers. Acting as a periodic table, MITRE ATT&CK lets you profile, identify, and compare threat actors, and prioritize your threat detection goals. We pioneered tagging Sigma with ATT&CK to help you always get clear answers on what exactly to detect in your organization.

UNCODER.IO

Spending precious time managing multiple stacks? With Uncoder.IO backed by Sigma, you can speak the language of any technology. No matter how many tools you use, our online Sigma translation engine lets anyone convert detection code to 25+ SIEM & XDR formats on the fly. No registration, no limits, full privacy.

The page demonstrates Uncoder.IO with the same Sigma rule shown above, translated to a Kibana Saved Search (an Elastic Watcher output is also offered):

    {
      "_id": "00000000-0000-0000-0000-000000000000-UMWorkerProcess-Creating-Unusual-Child-Process-via-process_creation",
      "_type": "search",
      "_source": {
        "title": "Sigma: UMWorkerProcess Creating Unusual Child Process (via process_creation)",
        "description": "Detects UMWorkerProcess.exe creating unexpected processes. Possibly related to exploitation of CVE-2021-26857. Author: SOC Prime Team, Microsoft. License: https://github.com/Neo23x0/sigma/blob/master/LICENSE.Detection.Rules.md. Reference: https://tdm.socprime.com/tdm/info/dcUD8bXfLwWT.",
        "hits": 0,
        "columns": [],
        "sort": ["@timestamp", "desc"],
        "version": 1,
        "kibanaSavedObjectMeta": {
          "searchSourceJSON": "{\"index\": \"winlogbeat-*\", \"filter\": [], \"highlight\": {\"pre_tags\": [\"@kibana-highlighted-field@\"], \"post_tags\": [\"@/kibana-highlighted-field@\"], \"fields\": {\"*\": {}}, \"require_field_match\": false, \"fragment_size\": 2147483647}, \"query\": {\"query_string\": {\"query\": \"(event.category:process AND process.parent.executable:/.*[Uu][Mm][Ww][Oo][Rr][Kk][Ee][Rr][Pp][Rr][Oo][Cc][Ee][Ss][Ss]\\\\.[Ee][Xx][Ee]/ AND (NOT process.executable:(/.*[Ww][Ee][Rr][Mm][Gg][Rr]\\\\.[Ee][Xx][Ee]/ OR /.*[Ww][Ee][Rr][Ff][Aa][Uu][Ll][Tt]\\\\.[Ee][Xx][Ee]/ OR /.*[Uu][Mm][Ww][Oo][Rr][Kk][Ee][Rr][Pp][Rr][Oo][Cc][Ee][Ss][Ss]\\\\.[Ee][Xx][Ee]/)))\", \"analyze_wildcard\": true}}}"
        }
      }
    }

SIGMA RULES BOT

Came up with a mind-blowing Sigma rule? We meet you where you are: in Slack. Code, test, and tag your rule with ATT&CK in no time, taking advantage of the built-in checks and settings. Get feedback from industry peers, hone your skills, and share your expertise with the world.

THE PRIME HUNT

Concentrate on the hunt itself by breaking through UI limitations. The Prime Hunt is an open-source browser extension to quickly convert, apply and customize Sigma rules across the widest stack of SIEM and EDR. A fresh project launched in October 2022, with plans to embed Uncoder.IO, feedback loops, and anything you can imagine. Be part of the story, and contribute with a pull request on GitHub.
ONE LIVE COMMUNITY FOR COLLECTIVE CYBER DEFENDERS

* SOC ANALYSTS: Struggling with a never-ending stream of alerts and limited time to investigate them? Still pivoting between dozens of tools to manually generate alert context? Join our community to triage alerts faster while improving precision, easily find complete context in one place, access peer reviews of alert logic, chat live in the community Discord channels with experts on every SIEM and EDR, and train on new skills to grow your career faster.
* THREAT HUNTERS: Low caffeine level, procrastination, and uncertainty on where to start your hypothesis validation? Tap into over 9,000 ideas of prepared, tested and MITRE ATT&CK-tagged threat hunting queries for the most common SIEMs and EDRs, ready to be used, tuned, and improved. So that you can find evil and finish that report on time. Drink coffee together in good company. Worldwide. Online.
* DETECTION ENGINEERS: Which logging pipeline do we optimize first? Do we have the data and rules to detect the latest CVE exploitation, or to confirm with confidence that no IOC matches? Deploy detection rules to production faster by building on research that was already done and coded into Sigma rules. Customize filters and optimize performance for any SIEM backend, boosting your unique expertise with better tools. Solve the most complex detection engineering tasks together.
* SOC & IR MANAGERS: Your SOC Analysts are too slow with alert triage and SOAR did not fix it. Meanwhile, Threat Hunters are always "in process" while tasks are "in progress". Detection Engineers cannot implement your logging plan because the scope changes every month, and they always ask to increase SIEM capacity. To win time, you regularly end up manually crafting metrics reports for your CISO. Implement a revolutionary change to the process by making detection and response Sigma-enabled and aligned with MITRE ATT&CK. Improve your MTTD & MTTR, just like your peers have been doing since 2018.
* CISOS: Threat Actors do sleep and take rest, and you deserve your weekends too. Win battles with the team and tools you have, not the ones you read about in vendor marketing materials. Together, we can implement the strategy for Collective Cyber Defense to overcome any threat.

CODE YOUR FUTURE CV

Let your threat research speak for you. We're all too busy with our daily work to do test tasks for job applications, and yet it is impossible to test the hard skills of a cyber defender without performing practical tasks. Let your Sigma and ATT&CK knowledge translate into your CV, the one that your peers welcome, understand, and accept. Hard skills make you a professional; soft skills make a great team.

#1 THREAT DETECTION MARKETPLACE

Defending over 155 countries, with top rules getting 1,500+ unique downloads, this is the way since 2015. Named "Spotify for Cyber Threats" by TechCrunch and backed for $11.5 million, led by one of the most recognizable Silicon Valley funds, DNX Ventures (Cylance, ICEYE). Three mentions by Gartner: as a Cool Vendor for 2H 2019, and in the 2020 & 2021 SIEM Magic Quadrants.

SHARED EXPERTISE

Imagine the code you wrote helps to detect emerging cyber attacks or prevent a power grid outage. We partner with private businesses and cyber defense agencies, including NCSC and CERT teams, and provide pro bono consulting to SSSCIP in Ukraine, to test Sigma rules on the real battlefield. In 2022, we started to work with leading Ukrainian universities to train students on Sigma and ATT&CK to bolster the ranks of cyber defenders. This initiative is scaling globally, and your contribution makes a difference.

EARN MONEY

Get a bounty for the quality and speed of your work, not for finding bugs. Your thoughtful threat research takes time and is worth a recurring payout. And nothing compares to the rush of helping thousands of cyber defenders, plus an extra one-time reward. To keep it easy, the bounty is delivered via Stripe and PayPal.

REVIEWS

* GOOD PRODUCT AND SERVICES (Oct 10, 2020)
  Good Product and Services, SOC Prime Threat Detection Management always has up-to-date content for the latest attack tactics and techniques, which is useful for all our customers for detection, prevention and analysis.
  Industry: Services. Firm size: <50M USD. Role: Consultant.

* A GOOD SUPPORT IN OUR PROJECT OF MIGRATION FROM ONE SIEM TO ANOTHER (Sep 16, 2020)
  At our organisation, we are in the process of migrating from one SIEM technology to another one. This was an opportunity to review the use case library and to develop them following well-known frameworks such as MITRE ATT&CK. Using SOC Prime helps to quickly identify use cases related to the technologies to monitor and the tactics, techniques and procedures of the attackers. TDM helps us to make more effective security monitoring rules, to port them to the new platform and eventually to reduce the time to prod of the use cases.
  Industry: Services. Firm size: <50M USD. Role: Analyst.

* SOC PRIME REVIEW FOR A GLOBAL FINANCIAL SERVICES CORPORATION (Sep 10, 2020)
  SOC Prime has proved to be a very useful purchase for our content development team over the past year. TDM always has up-to-date content for the latest attack tactics and techniques. TDM has also enabled our organization to map our detections to the MITRE ATT&CK framework. TDM has also saved our content development team many hours of work.
  Industry: Finance. Firm size: 30B+ USD. Role: Security and Risk Management.

* TDM HELPS US STAY ON TOP OF NEW CVES (Sep 8, 2020)
  Experience with TDM has been good so far. It is helping us improve our monitoring and detection capabilities by providing already built use cases that would take time for our internal team to develop.
  Industry: Retail. Firm size: 30B+ USD. Role: Analyst.

* SOC SERVICE IMPROVEMENTS (Sep 3, 2020)
  A solution service that made security operations life easier: buying time, investing in knowledge, focusing more on operations and service improvements, and wasting less time.
  Industry: Services. Firm size: 500M - 1B USD. Role: Security and Risk Management.

* EASY TO USE PLATFORM FOR THREAT HUNTERS (Jul 15, 2020)
  TDM is really easy to use. I like the filtration of content; it's really easy to find what's needed from the dozens of rules. What is more helpful for us in day-to-day work is the mapping to the MITRE ATT&CK framework, which helps in uncovering the latest threats.
  Industry: Finance. Firm size: 50M - 250M USD. Role: Security and Risk Management.

* GREAT COMPANY TO WORK WITH (Jul 6, 2020)
  SOC Prime have worked with us to ensure we are making as much use of the TDM platform as possible. They have taken multiple feature requests and added them into their development pipeline.
  Industry: Finance. Firm size: <50M USD. Role: Analyst.

* REVIEW (Jul 1, 2020)
  The content is very good, regularly updated and really effective in detecting advanced threats; it has become a crucial part of our day-to-day operations.
  Industry: Services. Firm size: 50M - 250M USD. Role: Consultant.

* GREAT PRODUCT, GREAT EXCLUSIVE CONTENT (Jun 5, 2020)
  We bought SOC Prime as we were struggling to maintain our rule sets, which was putting our company at risk. Since subscribing to SOC Prime we are able to continuously update our security content without increasing resources. SOC Prime is now a critical part of our security infrastructure and increasing the venue from existing SIEM investments.
  Industry: Communications. Firm size: Gov't/PS/ED, 5,000 - 50,000 employees. Role: Security and Risk Management.

* TDM SUCCESS STORY (May 24, 2020)
  We have been using TDM for 2 years. The company provides a great service, qualified support and a personal approach. Before choosing TDM, we were actually looking for a solution to cover our security content needs and improve detection capabilities. TDM has covered these needs and moreover saved time for our SOC team. Over the past year they became even better and more mature in content quality and quantity. I think they can improve even more by adding some industry-specific content, but it's still good value for money anyway.
  Industry: Manufacturing. Firm size: 3B-10B USD. Role: Security and Risk Management.

* GOOD, INNOVATIVE AND FLEXIBLE COMPANY (May 18, 2020)
  Aiming to gain the maximum from the Information Security department, the Bank reached out to SOC Prime for consulting and finally bought a SOC Prime subscription for sharing analytical content. The subscription enabled us to significantly decrease the workload of the department employees for creating the analytical content, and put their efforts into investigation of the detected incidents. New valid use cases and detection queries are continuously added to TDM, which gives us an opportunity to minimize time for detection and mitigation of threats.
  Industry: Finance. Firm size: <50M USD. Role: Other CxO.

* GREAT CONTENT, NEEDS VERIFICATION AND QA (Apr 16, 2020)
  The company has very knowledgeable staff and the TDM platform provides a plethora of great threat definitions and IOCs. I think SOC Prime could do better from a QA standpoint, as many of the rules don't work out of the box and require some fine tuning.
  Industry: Finance. Firm size: 50M - 250M USD. Role: Security and Risk Management.

* 4.9: Driven by community feedback and cutting-edge technologies, we bring the best user experience.
* 12: Our Detection as Code platform receives independent feedback from security experts worldwide.
* 83%: We support and deliver detection and response capabilities to all industries across the globe.

START YOUR COLLECTIVE CYBER DEFENSE JOURNEY

Reach Sigma rules for any threat and any security tool without coding; choose your way to a safer cyber future.

SOC Prime, SOC Prime Logo and Threat Detection Marketplace are registered trademarks of SOC Prime, Inc. All other trademarks are the property of their respective owners.