Developer Program for Threat Detection Marketplace

Do research, write and submit rules, earn money while you sleep

An opportunity to generate a steady income by writing threat detection rules. Join the defenders who work together for better cyber security!

What can I provide?

Content developed by you as an individual, or by eligible partner companies, for the purpose of threat detection, threat hunting and incident response. In SIEM terms, this means Sigma rules, correlation rules, queries, dashboards and parsers. For EDR and endpoint protection, it means Yara rules; for network-based detection, Snort rules. Attack simulation content for open-source instruments is also supported.

Sigma rules
Yara rules
Snort rules
Red tests (such as Atomic Red Team)
SIEM rule packages (.ARB, .gzip etc.)
(logstash configs, Flex connectors, technology add-ons, DSMs etc.)
Data enrichers & response actions (e.g. python, bash, powershell scripts)
Incident Response playbooks

How to make money with SOC Prime Threat Bounty

The SOC Prime Threat Bounty Program has transitioned to rank-based rewards. Key unlocks did not work, so we removed the reward per unlock as of July 1st, 2019 and informed all developers by email.
What happened in the backend is that the SOC Prime team reached out to every client we have, shared the Threat Bounty story, and advised which rules would be of high use to clients. Some clients proceeded with Key unlocks, but the majority gave feedback that such a system is difficult for an enterprise to use. Our TAMs collected further feedback from customers to see what we can do better, and this is how the Wanted! list was created. It is a monthly tradition that we intend to follow.

Our mission is to build and back an active and involved community with fair compensation for developers. Unlocks were low, and the initial plan was to provide payouts only from new sales generated monthly. To live up to the promise, we provided payouts for June even though some things did not work. You may have had 0 unlocks and still received a payout, as we highly value your effort and want to get things right. The most important news is that SOC Prime Threat Bounty is live and working on both ends, even though there are some initial bumps to overcome. Rewards for July and onwards will be paid based on the ranking system. Here is how to increase your rank: create requested content; address the latest threats; build detections for the latest exploits before patches are available (with or without a CVE); create content that correlates with the Wanted! list (threats and log sources of interest for paying clients); create resilient rules which are hard to circumvent and remain accurate for a long time (a rule based on an IP address will have a short lifespan, as opposed to a behavior rule). All of these actions will impact both your monthly reward and your long-term reputation. Free and paid rules both matter, so it is up to you to decide how to balance them. On our end, SOC Prime equally supports free and paid content.

Developers feedback


With the Developer Program for Threat Detection Marketplace you can get your content in front of 13800+ users from 5000+ organizations in 156+ countries. We have created the 1st cross-platform cyber threat detection security marketplace in the world so that defenders can fight the adversaries together. SOC Prime has proven its capabilities many times by sprinting out cutting-edge detection content for threats like WannaCry and NotPetya, as well as by leveraging MITRE ATT&CK® since 2016 for threat actor attribution. We know exactly how much hard work goes into making good rules, testing them and hunting for the next threat or exploitation technique.

Our mission is to help security researchers reach global customers and get rewarded for their work on a regular basis. While SOC Prime handles the QA and sales, we want you to help us with content! In numbers, we get 2000+ content views and 700+ downloads per month. Top authors on Threat Detection Marketplace have 1000+ views and downloads of their content and receive a special spotlight on the Leaderboards. Over 95% of the content is tagged with ATT&CK using the marketplace engine so that clients can see both the technical and strategic value of the rules. See the most popular rules below.