
How It Works
This feature allows detection engineers to store detection rules in their own repositories—alongside all intelligence, MITRE mapping, and operational metadata—in the same format used across Threat Detection Marketplace.
Users can choose a platform (e.g., Sigma), specify a repository destination, and provide context like severity and status. The rule and its metadata are then securely saved in SOC Prime’s cloud or pushed to a connected Git repository for version control and collaboration.

The screenshot demonstrates this process in action with a ransomware detection rule being saved to a custom Git-based collection. Critical attributes like ATT&CK tags, severity, and logsource metadata are parsed and attached automatically.
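To make the metadata step concrete, here is an added Python example (not SOC Prime's own code) that does what the paragraph above describes for a single Sigma rule: it extracts severity, status, ATT&CK tactic and technique tags and logsource from a constructed rule, validates them before a push, and derives a destination path inside the Git repository. The sample rule, the allowed status and level values, and the repository layout are assumptions for illustration.

```python
import re

# Constructed sample: a Sigma rule as it looks after yaml.safe_load(); the
# logsource/tag conventions follow public Sigma practice, not SOC Prime internals.
SAMPLE_RULE = {
    "title": "Shadow Copy Deletion via vssadmin",
    "id": "00000000-0000-4000-8000-000000000001",  # placeholder UUID
    "status": "experimental",
    "level": "high",
    "tags": ["attack.impact", "attack.t1490"],
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {"selection": {"Image|endswith": "\\vssadmin.exe",
                                "CommandLine|contains|all": ["delete", "shadows"]},
                  "condition": "selection"},
}

SIGMA_STATUS = {"stable", "test", "experimental", "deprecated", "unsupported"}
SIGMA_LEVEL = {"informational", "low", "medium", "high", "critical"}
TECHNIQUE_RE = re.compile(r"^attack\.t\d{4}(\.\d{3})?$")


def extract_metadata(rule):
    """Pull the operational metadata a repository entry needs from a Sigma rule."""
    tags = rule.get("tags", [])
    return {
        "severity": rule.get("level"),
        "status": rule.get("status"),
        "techniques": sorted(t.split(".", 1)[1].upper() for t in tags if TECHNIQUE_RE.match(t)),
        "tactics": sorted(t.split(".", 1)[1] for t in tags
                          if t.startswith("attack.") and not TECHNIQUE_RE.match(t)),
        "logsource": dict(rule.get("logsource", {})),
    }


def validate_metadata(meta):
    """Return the problems that should block a push to the rule repository."""
    problems = []
    if meta["status"] not in SIGMA_STATUS:
        problems.append(f"unknown status: {meta['status']!r}")
    if meta["severity"] not in SIGMA_LEVEL:
        problems.append(f"unknown level: {meta['severity']!r}")
    if not meta["techniques"]:
        problems.append("no ATT&CK technique tag (attack.tNNNN)")
    if not meta["logsource"].get("product"):
        problems.append("logsource.product missing")
    return problems


def repo_path(rule):
    """Destination inside the Git repository, derived from logsource and title (assumed layout)."""
    ls = rule.get("logsource", {})
    slug = re.sub(r"[^a-z0-9]+", "_", rule["title"].lower()).strip("_")
    return f"rules/{ls.get('product', 'generic')}/{ls.get('category', ls.get('service', 'misc'))}/{slug}.yml"
```

Running `validate_metadata(extract_metadata(SAMPLE_RULE))` on the sample returns an empty list, so the rule would be committed to `rules/windows/process_creation/shadow_copy_deletion_via_vssadmin.yml`; a rule with no technique tag or an unknown level is reported instead of pushed.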
Why It’s Innovative
Detection content often lives across multiple locations—email chains, spreadsheets, or isolated systems—making lifecycle management chaotic. This feature:
- Centralizes detection engineering workflows
- Supports stock content reuse across SOC operations
- Uses a standardized metadata-rich format consistent with Threat Detection Marketplace
- Leverages encrypted cloud storage for secure rule management
- Enables full versioning and external CI/CD via GitHub, GitLab, or Azure DevOps
Operational Value
- Secure & Centralized Storage: Content is saved in SOC Prime’s infrastructure with encryption at rest, ensuring compliance and resilience.
- Lifecycle Support: Enables seamless transition from rule creation to validation, deployment, and documentation.
- CI/CD Integrations: Native Git-based integrations simplify automated workflows across teams and platforms.
- Consistency & Reusability: All saved content aligns with the Threat Detection Marketplace format, streamlining reuse across different detection contexts.
Empower your SOC teams with centralized, secure, and version-controlled rule management—directly from within the detection engineering workspace.