Content developed by you as an individual or by eligible partner companies for the purpose of threat detection, threat hunting and incident response. In SIEM terms we are talking about Sigma rules, correlation rules, queries, dashboards and parsers; for EDR and endpoint protection, YARA rules; for network-based detection, Snort rules. Attack simulation content for open-source tools is also supported.
The TDM Developer Program has transitioned to rank-based rewards. Key unlocks did not work, so we removed the reward per unlock as of July 1st, 2019 and informed all developers by email. What happened in the backend is that the SOC Prime team reached out to every client we have, shared the Threat Bounty story and advised which rules would be of high use to clients. Some clients proceeded with Key unlocks, but the majority gave feedback that such a system is difficult for an enterprise to use. Our TAMs have further collected feedback from customers to see what we can do better, and this is how the Wanted! list was created, a monthly tradition that we intend to follow.
Our mission is to build and back an active, involved community with fair compensation for developers. Unlocks were low, and the initial plan was to provide payouts only from new sales generated monthly. So, to live up to the promise, we have provided payouts for June even though some things did not work. You may have had 0 unlocks and still received a payout, as we highly value your effort and want to get things right. The most important news is that Threat Bounty is live and working on both ends, even though there are some initial bumps to overcome. Rewards for July onwards will be paid based on the ranking system.
Here is how to increase your rank: create requested content, address the latest threats, build detections for the latest exploits before patches are available (with or without a CVE), create content that matches the Wanted! list (threats and log sources of interest to paying clients), and create resilient rules that are hard to circumvent and remain accurate for a long time (a rule based on an IP address has a short lifespan, whereas a behavior-based rule keeps matching after the attacker's infrastructure changes). All of these actions affect both the monthly reward and your long-term reputation. Free and paid rules both matter, so it is up to you to decide how to balance them. On our end, SOC Prime supports free and paid content equally.
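To make the resilience point concrete, here is an added example (not the page's or SOC Prime's code): two Sigma-style rules, one keyed on a C2 IP address and one on process behavior, evaluated against constructed process-creation events from two different weeks. It assumes a simplified, case-insensitive matcher that supports only the `contains`, `endswith`, `startswith` and `all` modifiers (real Sigma rules are converted by sigmac for a target SIEM rather than evaluated this way); the events and IP addresses are constructed placeholders.

```python
"""Indicator rule vs. behaviour rule over constructed process-creation events.

Added example, not code from the page or from SOC Prime. The matcher below
is a deliberately small subset of Sigma semantics, written only to show why
an IP-based rule stops matching once the attacker's infrastructure moves.
"""

# Constructed sample events in the shape of process-creation logs. Field
# names mirror common Sigma field names; IPs are documentation-range
# placeholders (RFC 5737), not real indicators.
EVENTS_WEEK1 = [
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgA...",
     "DestinationIp": "203.0.113.10"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe report.txt",
     "DestinationIp": ""},
]

# The same behaviour one week later; only the C2 address and casing changed.
EVENTS_WEEK2 = [
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell -NoP -W Hidden -Enc SQBFAFgA...",
     "DestinationIp": "198.51.100.7"},
]

# Two rules expressed as dictionaries in Sigma's detection/selection shape.
IP_RULE = {
    "title": "Known C2 address (indicator rule)",
    "detection": {"selection": {"DestinationIp": "203.0.113.10"}},
}
BEHAVIOUR_RULE = {
    "title": "Hidden encoded PowerShell (behaviour rule)",
    "detection": {"selection": {
        "Image|endswith": "\\powershell.exe",
        "CommandLine|contains|all": ["hidden", "-enc"],
    }},
}


def _field_matches(event, key, expected):
    """Evaluate one 'Field|modifier' predicate against an event (hypothetical
    simplified matcher; Sigma string matching is case-insensitive)."""
    field, *modifiers = key.split("|")
    value = str(event.get(field, "")).lower()
    candidates = expected if isinstance(expected, list) else [expected]
    candidates = [str(c).lower() for c in candidates]

    if "contains" in modifiers:
        test = lambda c: c in value
    elif "endswith" in modifiers:
        test = lambda c: value.endswith(c)
    elif "startswith" in modifiers:
        test = lambda c: value.startswith(c)
    else:
        test = lambda c: value == c

    # A list of values is OR-ed in Sigma unless the 'all' modifier is present.
    results = [test(c) for c in candidates]
    return all(results) if "all" in modifiers else any(results)


def rule_matches(rule, event):
    """True when every predicate in the rule's selection holds for the event."""
    selection = rule["detection"]["selection"]
    return all(_field_matches(event, key, val) for key, val in selection.items())


def hit_count(rule, events):
    """Number of events in a batch that the rule fires on."""
    return sum(1 for event in events if rule_matches(rule, event))


def lifespan_report(rules=(IP_RULE, BEHAVIOUR_RULE),
                    weeks=(EVENTS_WEEK1, EVENTS_WEEK2)):
    """Hit counts per rule per week; a rule that drops to 0 has aged out."""
    return {rule["title"]: [hit_count(rule, batch) for batch in weeks]
            for rule in rules}


if __name__ == "__main__":
    for title, counts in lifespan_report().items():
        print(f"{title}: {counts}")
```

The indicator rule fires in week 1 and goes silent in week 2 even though the same technique is still being used, while the behaviour rule fires in both weeks; that gap is what "short lifespan" means in practice, and it is also why the behaviour rule should be reviewed for false positives against legitimate admin scripts before it is published.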
"Once I got the main idea and a little bit of experience, I began designing content for my SOC in strictly Sigma"
By Lee Archinal, Developer
Sigma rules can be converted and applied to many log management or SIEM systems
By Florian Roth, Nextron Systems GmbH
SIGMA UI is a free open-source application based on the Elastic stack and Sigma Converter (sigmac)
By SOC Prime Inc.
The SANS webcast on Sigma contains a very good 20 min introduction to the project from minute 39 onward
By Justin Henderson and John Hubbard
A value analysis and step-by-step deployment of Sigma rules to ArcSight ESM & Logger
By Jordan Camba, SOC Prime Inc.
An article on how to build optimal Yara rules with a minimal chance of false positives
By Florian Roth, Nextron Systems
With the Developer Program for TDM you can get your content in front of 5000+ users from 2700+ organizations in 128 countries. We have created the 1st cross-platform cyber threat detection marketplace in the world so that defenders can fight adversaries together. SOC Prime has proven its capabilities many times by rapidly delivering cutting-edge detection content for threats like WannaCry and NotPetya, as well as by leveraging MITRE ATT&CK™ since 2016 for threat actor attribution. We know exactly how much hard work goes into making good rules, testing them and hunting for the next threat or exploitation technique.
Our mission is to help security researchers reach global customers and get rewarded for their work on a regular basis. While SOC Prime handles QA and sales, we want you to help us with content! In numbers, we get 2000+ content views and 700+ downloads per month. Top authors on TDM have 1000+ views and downloads of their content and receive a special spotlight on the Leaderboards. Over 95% of the content is tagged with ATT&CK using the marketplace engine, so that clients can see both the technical and the strategic value of the rules. See the most popular rules below.