Detect CVE-2025-21293 exploitation — a privilege escalation vulnerability in Active Directory Domain Services — using a Sigma rule in SOC Prime Platform.

SOC Prime

19.02.2025

Sandworm APT Attacks Detection: russian State-Sponsored Hackers Deploy Malicious Windows KMS Activators to Target Ukraine - SOC Prime

Detect Sandworm APT attacks exploiting malicious Windows KMS activators in a cyber-espionage against Ukraine with Sigma rule from SOC Prime.

SOC Prime

19.02.2025

XE Group Activity Detection: From Credit Card Skimming to Exploiting CVE-2024-57968 and CVE-2025-25181 VeraCore Zero-Day Vulnerabilities - SOC Prime

Detect XE Group activity using CVE-2024-57968 and CVE-2025-25181, zero-day exploits in VeraCore, with Sigma rules from SOC Prime Platform.

SOC Prime

19.02.2025

CVE-2025-0411 Detection: russian Cybercrime Groups Rely on Zero-Day Vulnerability in 7-Zip to Target Ukrainian Organizations - SOC Prime

Detect CVE-2025-0411 exploitation attempts, 7-Zip zero-day vulnerability used in a SmokeLoader campaign against Ukraine, with Sigma rules from SOC Prime.

SOC Prime

19.02.2025

CVE-2025-1094 Exploitation, a Critical SQL Injection Vulnerability in PostgreSQL That Can Lead to Arbitrary Code Execution - SOC Prime

Explore CVE-2025-1094 exploitation analysis, a critical SQL injection flaw in PostgreSQL, with key details and overview on SOC Prime blog.

SOC Prime

01.02.2025

Lumma Stealer Detection: Sophisticated Campaign Using GitHub Infrastructure to Spread SectopRAT, Vidar, Cobeacon, and Other Types of Malware - SOC Prime

Detect Lumma Stealer spread via GitHub to drop other malware like SectopRAT, Vidar, and Cobeacon with Sigma rules from SOC Prime Platform.

SOC Prime

30.01.2025

TorNet Backdoor Detection: An Ongoing Phishing Email Campaign Uses PureCrypter Malware to Drop Other Payloads - SOC Prime

Detect TorNet backdoor delivered via PureCrypter malware in a phishing campaign targeting Poland and Germany with Sigma rules from SOC Prime.

SOC Prime

24.01.2025

CVE-2024-8963, CVE-2024-9379, CVE-2024-8190, and CVE-2024-9380 Detection: CISA and FBI Warn Defenders of Two Exploit Chains Using Critical Ivanti CSA Vulnerabilities - SOC Prime

Detect CVE-2024-8963, CVE-2024-9379, CVE-2024-8190 & CVE-2024-9380, Ivanti CSA vulnerabilities used in exploit chains, with Sigma rules from SOC Prime.

SOC Prime

22.01.2025

CVE-2025-21298 Detection: Critical Zero-Click OLE Vulnerability in Microsoft Outlook Results in Remote Code Execution - SOC Prime

Detect CVE-2025-21298 exploitation attempts, a critical RCE vulnerability in Windows OLE, with a free Sigma rule from SOC Prime.

SOC Prime

21.01.2025

Hackers Exploit AnyDesk Impersonating CERT-UA to Launch Cyber-Attacks - SOC Prime

Detect cyber-attacks exploiting AnyDesk and masquerading offensive operations as CERT-UA activity with Sigma rules from SOC Prime Platform.

SOC Prime

18.01.2025

CVE-2024-49113 Detection: Windows LDAP Denial-of-Service Vulnerability aka LDAPNightmare Exploited via a Publicly Available PoC - SOC Prime

Detect CVE-2024-49113 aka LDAPNightmare exploitation attempts enabling attackers to gain DoS with Sigma rules from SOC Prime Platform.

SOC Prime

18.01.2025

SOC Prime Threat Bounty Digest — December 2024 Results - SOC Prime

Threat Bounty December 2024 digest - Important Program news and insights on five top-rated rules and authors

SOC Prime

17.01.2025

CVE-2024-55591 Detection: Critical Zero-Day Vulnerability in Fortinet FortiOS and FortiProxy Actively Exploited in the Wild - SOC Prime

Detect CVE-2024-55591 exploitation attempts, a critical authentication bypass vulnerability in Fortinet FortiOS and FortiProxy exploited in the wild, with Sigma rules from SOC Prime.

SOC Prime

15.01.2025

Detect Banshee Stealer: Stealthy Apple macOS Malware Evades Detection Using XProtect Encryption - SOC Prime

Detect Apple macOS Banshee Stealer malware leveraging XProtect encryption to evade detection with a set of Sigma rules from SOC Prime.

SOC Prime

14.01.2025

SOC Prime Launches Uncoder AI Solo: New Subscription Plan for Individual Security Experts - SOC Prime

SOC Prime introduces Uncoder AI Solo, a new personal subscription plan for individual cybersecurity researchers.

SOC Prime

09.01.2025

EAGERBEE Malware Detection: New Backdoor Variant Targets Internet Service Providers and State Bodies in the Middle East - SOC Prime

Detect EAGERBEE malware, a new backdoor variant targeting organizations in the Middle East, with Sigma rules from SOC Prime Platform.

SOC Prime

07.01.2025

What is Event Streaming in Apache Kafka? - SOC Prime

Apache Kafka has become the go-to solution for implementing event streaming in modern systems

SOC Prime

07.01.2025

Message Queues vs. Streaming Systems: Key Differences and Use Cases - SOC Prime

Learn about the differences between "queue" and "streaming" in data processing and messaging systems

SOC Prime

07.01.2025

NonEuclid RAT Detection: Malware Enables Adversaries to Gain Unauthorized Remote Access and Control Over a Targeted System - SOC Prime

Detect NonEuclid RAT that features advanced antivirus bypass, privilege escalation, and ransomware encryption tools, using Sigma rules from SOC Prime.

SOC Prime

04.01.2025

Elasticsearch: Cluster Status is RED - SOC Prime

Learn how to manage situations when your Elasticsearch cluster gets Yellow or Red status

SOC Prime

03.01.2025

Search and Replace Text in SPL Fields with rex - SOC Prime

Learn how to search for and replace parts of text found in the fields in SPL using rex

SOC Prime

03.01.2025

CVE-2024-49112 Detection: Zero-Click PoC Exploit for a Critical LDAP RCE Vulnerability Can Crush Unpatched Windows Servers - SOC Prime

Detect CVE-2024-49112 exploitation attempts, a Windows LDAP RCE vulnerability followed by a PoC exploit release, using Sigma rules from SOC Prime.

SOC Prime

31.12.2024

rare Сommand in Splunk - SOC Prime

Learn how to use rare command in Splunk to find the least common values in a specific field of your data

SOC Prime

31.12.2024

coalesce Function in Splunk - SOC Prime

Learn how to use Splunk coalesce function for normalizing data from different sources with varying field names

SOC Prime

28.12.2024

Strela Stealer Attack Detection: New Malware Variant Now Targets Ukraine Alongside Spain, Italy, and Germany - SOC Prime

Detect Strela Stealer malware iteration targeting Ukraine apart from Europe with Sigma rules from SOC Prime Platform.

SOC Prime

27.12.2024

KRaft: Apache Kafka Without ZooKeeper - SOC Prime

KRaft, a new Kafka consensus protocol, eliminates the dependency on an external coordination system and removes the limitations of ZooKeeper

SOC Prime

27.12.2024

Reducing Kafka Lag: Optimizing Kafka Performance - SOC Prime

Learn how to improve Kafka performance and maintain a healthy ecosystem by reducing Kafka lag

SOC Prime

24.12.2024

Creating a Regex Pattern Set in AWS WAF - SOC Prime

Learn how to create a Regex Pattern Set in AWS Web Application Firewall (WAF).

SOC Prime

24.12.2024

Additional Settings for Optimizing Elasticsearch Cluster Performance - SOC Prime

Learn how to improve Elasticsearch cluster performance by fine-tuning certain settings and their descriptions.

SOC Prime

24.12.2024

Fluentd: How to Use a Parser With Regular Expression (regexp) - SOC Prime

This guide explains configuring Fluentd to extract structured data from unstructured log messages using the parser plugin with a regular expression (regexp).

SOC Prime

24.12.2024

OpenSearch Flush, Translog, and Refresh - SOC Prime

Learn more about OpenSearch flushing, the process of permanently storing data onto disk for all operations that have been temporarily stored in memory.

SOC Prime

24.12.2024

Using Kafka as a Fast Correlation Engine - SOC Prime

Explore how Kafka Streams can be utilized for filtering and correlating events in real time, transforming it into a correlation engine.

SOC Prime

21.12.2024

Splunk: Using collect Command for Creating New Events in a New Index - SOC Prime

Explore how to use the COLLECT command for creating new events in a new index in Splunk from our blog.

SOC Prime

21.12.2024

Using map Command in Splunk - SOC Prime

Learn more about using the map command in Splunk to enable secondary searches based on the results of a primary search.

SOC Prime

21.12.2024

Understanding Basics of Apache Kafka - SOC Prime

Learn more about Apache Kafka basics, key concepts, and prominent use cases.

SOC Prime

20.12.2024

Enhancing Events with Geolocation Data in Logstash - SOC Prime

If you are using Logstash and need to enrich event data with geolocation information based on IP addresses, check out this blog.

home›SOC Prime›Software

SOC Prime - Software

CVE-2025-0108 Detection: Active Exploitation of an Authentication Bypass Palo Alto Networks PAN-OS Software - SOC Prime

Ghost (Cring) Ransomware Detection: The FBI, CISA, and Partners Warn of Increasing China-Backed Group’s Attacks for Financial Gain - SOC Prime

CVE-2025-26465 & CVE-2025-26466 Vulnerabilities Expose Systems to Man-in-the-Middle and DoS Attacks - SOC Prime

RedCurl/EarthKapre APT Attack Detection: A Sophisticated Cyber-Espionage Group Uses a Legitimate Adobe Executable to Deploy a Loader - SOC Prime

CVE-2025-21293 Detection: PoC Exploit Released for a Privilege Escalation Vulnerability in Active Directory Domain Services - SOC Prime

Sandworm APT Attacks Detection: russian State-Sponsored Hackers Deploy Malicious Windows KMS Activators to Target Ukraine - SOC Prime

XE Group Activity Detection: From Credit Card Skimming to Exploiting CVE-2024-57968 and CVE-2025-25181 VeraCore Zero-Day Vulnerabilities - SOC Prime

CVE-2025-0411 Detection: russian Cybercrime Groups Rely on Zero-Day Vulnerability in 7-Zip to Target Ukrainian Organizations - SOC Prime

CVE-2025-1094 Exploitation, a Critical SQL Injection Vulnerability in PostgreSQL That Can Lead to Arbitrary Code Execution - SOC Prime

Lumma Stealer Detection: Sophisticated Campaign Using GitHub Infrastructure to Spread SectopRAT, Vidar, Cobeacon, and Other Types of Malware - SOC Prime

TorNet Backdoor Detection: An Ongoing Phishing Email Campaign Uses PureCrypter Malware to Drop Other Payloads - SOC Prime

CVE-2024-8963, CVE-2024-9379, CVE-2024-8190, and CVE-2024-9380 Detection: CISA and FBI Warn Defenders of Two Exploit Chains Using Critical Ivanti CSA Vulnerabilities - SOC Prime

CVE-2025-21298 Detection: Critical Zero-Click OLE Vulnerability in Microsoft Outlook Results in Remote Code Execution - SOC Prime

Hackers Exploit AnyDesk Impersonating CERT-UA to Launch Cyber-Attacks - SOC Prime

CVE-2024-49113 Detection: Windows LDAP Denial-of-Service Vulnerability aka LDAPNightmare Exploited via a Publicly Available PoC - SOC Prime

SOC Prime Threat Bounty Digest — December 2024 Results - SOC Prime

CVE-2024-55591 Detection: Critical Zero-Day Vulnerability in Fortinet FortiOS and FortiProxy Actively Exploited in the Wild - SOC Prime

Detect Banshee Stealer: Stealthy Apple macOS Malware Evades Detection Using XProtect Encryption - SOC Prime

SOC Prime Launches Uncoder AI Solo: New Subscription Plan for Individual Security Experts - SOC Prime

EAGERBEE Malware Detection: New Backdoor Variant Targets Internet Service Providers and State Bodies in the Middle East - SOC Prime

What is Event Streaming in Apache Kafka? - SOC Prime

Message Queues vs. Streaming Systems: Key Differences and Use Cases - SOC Prime

NonEuclid RAT Detection: Malware Enables Adversaries to Gain Unauthorized Remote Access and Control Over a Targeted System - SOC Prime

Elasticsearch: Cluster Status is RED - SOC Prime

Search and Replace Text in SPL Fields with rex - SOC Prime

CVE-2024-49112 Detection: Zero-Click PoC Exploit for a Critical LDAP RCE Vulnerability Can Crush Unpatched Windows Servers - SOC Prime

rare Сommand in Splunk - SOC Prime

coalesce Function in Splunk - SOC Prime

Strela Stealer Attack Detection: New Malware Variant Now Targets Ukraine Alongside Spain, Italy, and Germany - SOC Prime

KRaft: Apache Kafka Without ZooKeeper - SOC Prime

Reducing Kafka Lag: Optimizing Kafka Performance - SOC Prime

Creating a Regex Pattern Set in AWS WAF - SOC Prime

Additional Settings for Optimizing Elasticsearch Cluster Performance - SOC Prime

Fluentd: How to Use a Parser With Regular Expression (regexp) - SOC Prime

OpenSearch Flush, Translog, and Refresh - SOC Prime

Using Kafka as a Fast Correlation Engine - SOC Prime

Splunk: Using collect Command for Creating New Events in a New Index - SOC Prime

Using map Command in Splunk - SOC Prime

Understanding Basics of Apache Kafka - SOC Prime

Enhancing Events with Geolocation Data in Logstash - SOC Prime

home
›
SOC Prime
›
Software