SOC Prime Threat Detection Marketplace

SOC Prime Threat Detection Marketplace (TDM) is a SaaS cross-platform content community daring to integrate versatile cybersecurity components into one coherent system. We help security professionals to detect and respond to cyber threats at the earliest stages of the attack lifecycle, enhancing the capabilities and increasing ROI for the most popular SIEM, EDR, NSM and SOAR tools. Together we continuously deliver rules, parsers, and machine learning models covering the latest threats, attacker tactics, techniques, and procedures (TTP), cloud security monitoring, and proactive exploit detection.

All types of threat detection content offered by the TDM community — over 55k SIEM and EDR rules, search queries, Snort and YARA rules and more — are being developed to fit various environments. SOC Prime TDM delivers content using Sigma, a generic and open SIEM signature format, which can be applied across various platforms. Currently, the SOC Prime TDM community provides access to 15+ supported platforms including:

SIEMs: Microsoft Azure Sentinel, Sumo Logic, Humio, Elastic Stack, Splunk, ArcSight, LogPoint, QRadar, and Graylog

EDRs: Microsoft Defender ATP, Carbon Black, CrowdStrike, Qualys

NSM and NTA solutions: Corelight / Zeek

SOC Prime makes threat detection easier and much more accessible. The company’s core product, Threat Detection Marketplace (TDM) is a SaaS content platform and community that has taken a challenge-driven approach to integrate multiple cybersecurity components into one coherent system. Leveraging TDM capabilities, cybersecurity specialists can maximize their team productivity and help their companies succeed in:

• Proactive deployment of threat detection capabilities
• Enhanced ROI of SIEM, EDR, NSM and SOAR investments
• Reduced Mean Time to Detect (MTTD) metrics

The SOC Prime TDM community offers a wealth of threat detection content — 55k+ SIEM and EDR rules, search queries, Snort and YARA rules and more content types that can be adjusted to various environments. The platform delivers content using Sigma, a generic open-source rule format for multiple SIEM systems. Giving preference to this signature format adds to the company’s flexibility since Sigma is becoming a commonly used method to build content and can be applied across various solutions. With SOC Prime TDM and its powerful analytical capabilities, companies can detect and respond to cyber threats at the initial stages of the attack lifecycle. More than 94% of the TDM content is mapped directly to the MITRE ATT&CK® framework that allows organizations to implement content perfectly fitting their unique threat profile.

TDM is a content platform with a strong sense of community that promotes global collaboration with threat hunters who can develop their own content, share it with the TDM community, and get paid for their contribution. Participation in the related Threat Bounty project, which has been thriving since May 2019, offers a brilliant opportunity to seasoned and promising developers to contribute to the global community evolving cyber defence through collaboration.