Role-Based Threat Detection Experience
Leverage SOC Prime Threat Detection Marketplace content and analytic capabilities
for a personalized platform experience tailored to your cybersecurity role, environment,
and your company's security needs.
SOC Manager
Your daily routine as a SOC Manager may include keeping up with the latest security
news, trends, and policy updates so that your company can maintain high security
standards, managing a team of security experts and supporting them in their day-to-day
tasks, and delivering improvements that strengthen the organization's security posture.
You can leverage the Threat Detection Marketplace content and capabilities for these
use cases and procedures:
- Dashboard page to track your team's activity within the SOC Prime platform, analyze team efficiency, and identify the trend direction
- Run the live benchmark against 10,000+ security peers and see how you compare within your industry
- Use the MITRE ATT&CK® page to keep pace with changing attack vectors, visualize detection and data gaps, build a roadmap, and integrate it with the ATT&CK Navigator
- Improve the vulnerability management process by proactively deploying detections within 48 hours for the 0.5% of vulnerabilities that are truly critical, well ahead of the 62-day median time to patch a vulnerability
- Save costs by applying the global crowdsourcing and community model to R&D of rules, parsers, dashboards, SOAR/IR playbooks, and machine learning models
- Keep your SOC detection and response content current, continuously updated, and future-proof, avoiding lock-in to a single detection platform
CISO
As a CISO, you can leverage Threat Detection Marketplace to:
- Directly improve the MTTD and MTTR metrics of your in-house or outsourced SOC
- Improve the vulnerability management process by proactively deploying detections within 48 hours for the 0.5% of vulnerabilities that are truly critical, well ahead of the 62-day median time to patch a vulnerability
- Save costs on collected data and gain up-to-date insight into the genuine security value of the logs you collect and the SIEM licenses you pay for
- Maximize your SIEM ROI by enabling it to monitor host, network, application, SaaS, PaaS, IaaS, and business-critical apps (and whatever comes next), saving money on dedicated detection solutions
- Map every detection to MITRE ATT&CK®, making it relevant to your threat profile and environment
- Move from an outdated waterfall process for threat detection and response content to an agile, continuous one
- Avoid platform lock-in by using Sigma, a generic, SIEM-agnostic rule format
- Get full transparency on gaps and on the Actors, Tools, and Techniques addressed, per MITRE ATT&CK
- Get full value from your threat intelligence program by using behavior- and TTP-based detections instead of relying on IOCs alone
- See how you fare against your peers through anonymized insights across your industry, and track your team's progress over time
- Save costs by applying a global crowdsourcing and community model to R&D of rules, parsers, dashboards, SOAR/IR playbooks, and machine learning models
Cyber Threat Intelligence Analyst
Your daily routine as a Cyber Threat Intelligence Analyst may include studying
cyber incidents happening around the world that are relevant to your industry, and analyzing
hacktools, the TTPs used by APT groups, and adversary behavior patterns in order to
identify potential threats the company might face. You can leverage the Threat
Detection Marketplace capabilities and content for these use cases and procedures:
- Queries for historical IOC matching
- TTP-based detections for behaviour-based threat hunting, using any combination of the extensive MITRE ATT&CK® set of Actors, Tools, and Techniques
- Recommendations to the SOC team on which TTP-based detections to deploy
- Your own cutting-edge feed of the latest threats, Tools, Techniques, and Actors mapped to ATT&CK, with the status of detection, attack simulation, response, and mitigation capabilities plus basic context, available a few days ahead of general threat intelligence reports and weeks, months, or years ahead of IOCs
- Learn the Sigma language, the de-facto standard for expressing threat hunting queries and producing cross-platform SIEM and EDR detection content, and share it alongside threat intelligence reports
Vulnerability Management Specialist
Your daily routine as a Vulnerability Management Specialist may include studying the
latest CVEs, malware, and exploits relevant to your industry, tracking network and
security vulnerabilities, identifying and classifying risks and potential issues,
and filtering out false positives. You can leverage the Threat Detection Marketplace
capabilities and content for these use cases and procedures:
- Queries for historical IOC matching
- Deploy early detection for the latest critical vulnerabilities, including trending CVEs and PoC exploits
- Prioritize the most critical vulnerabilities: those backed by detection rules, vetted by the global community, and relevant to your software stack
Threat Hunter / Threat Hunting Engineer
Your daily routine as a Threat Hunting Engineer may include proactively searching for
IOCs, studying the TTPs used by APT groups based on MITRE ATT&CK® Tactics and Techniques,
monitoring logs, tracking alerts triggered by SIEMs and EDRs, and setting threat hunting
priorities and hypotheses. You can leverage the Threat Detection Marketplace content and
capabilities for these use cases and procedures:
- Rules based on Windows Active Directory logs for TTP-based threat hunting, using any combination of ATT&CK Actors, Tools, and Techniques
- MITRE ATT&CK page to prioritize your hunts
- YARA rules for malware hunting
- Queries for historical IOC matching
SOC Analyst
Your daily routine as a SOC Analyst may include monitoring and analyzing network traffic for
malicious activity, managing IP address and domain lists, analyzing notifications and cyber incidents
across the company, and collaborating with the Threat Intelligence and Incident Response teams to keep up
with industry-specific attack vectors. You will find content that helps you:
- Understand the context of alerts by linking them to Tools, Techniques, and Actors based on MITRE ATT&CK®
- Learn basic and advanced detection logic, queries, and correlation rules
- Get familiar with Sigma rules, a generic and open rule format for SIEM systems that has quickly become the de-facto standard for expressing detection and threat hunting logic
- Learn the critical security event IDs and log sources that help in investigations
Detection Engineer / SIEM Content Developer
Your daily routine as a Detection Engineer / SIEM Content Developer may include keeping
event collection and log management running continuously, keeping an eye on SIEM health, analyzing
the latest threats and adversaries to define attack priorities, and following those priorities to develop
custom content relevant to your company's needs and SIEM. You can leverage the Threat Detection
Marketplace content and capabilities for these use cases and procedures:
- Use and customize correlation and threat hunting content written as Sigma rules, a generic and open rule format for SIEM systems that has quickly become the de-facto standard for expressing detection and threat hunting logic
- Overcome parsing issues by defining a Custom Data Schema that rewrites rule and query field names on the fly to fit your data model
- Streamline rule management with Continuous Content Management, the filters of Rule Master, Platform Integration Configuration, and API access
- Develop future-proof rules with the Sigma UI tool, customizing their translations to avoid platform lock-in for your organization and to become a cross-platform detection expert
- Rank content development priorities with the Wanted page
- Leverage world-class support to customize content for your environment and product versions
- Plan and manage your SOC content roadmap using MITRE ATT&CK® directly in the platform or via integration with the ATT&CK Navigator
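Sigma rules and the on-the-fly field rewrite described above come up in both the SOC Analyst and the Detection Engineer lists, so here is one added example (not SOC Prime's or SigmaHQ's code) of what that looks like in practice: a minimal rule in Sigma's logsource/detection/condition shape, a field-name map that plays the role of a per-environment data schema, and an evaluator that runs the rule over constructed process-creation events. The rule content, the ECS-style field names in FIELD_MAP, the "corp-backup-agent.exe" exclusion and the sample events are all assumptions made for this example; the point is that the same vendor-neutral rule evaluates unchanged once only the field names are remapped.

```python
"""Added example (not SOC Prime's or SigmaHQ's code): evaluate a minimal
Sigma-style rule against constructed events after rewriting its field names
to the local data model."""
from typing import Any, Dict, List

# Constructed rule in Sigma's logsource/detection/condition shape; title,
# values and tags are illustrative, not an official SigmaHQ rule.
RULE = {
    "title": "LSASS Memory Dump via comsvcs.dll MiniDump",
    "tags": ["attack.credential_access", "attack.t1003.001"],
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {
            "Image|endswith": "\\rundll32.exe",
            "CommandLine|contains|all": ["comsvcs", "MiniDump"],
        },
        # Hypothetical exclusion for an in-house tool; every such filter in a
        # real rule should be justified, since it is also a bypass.
        "filter_backup_agent": {"ParentImage|endswith": "\\corp-backup-agent.exe"},
        "condition": "selection and not filter_backup_agent",
    },
}

# Assumed local data model: the SIEM stores ECS-style field names rather than
# the Sysmon names Sigma uses. This map is the "custom data schema" step.
FIELD_MAP = {
    "Image": "process.executable",
    "CommandLine": "process.command_line",
    "ParentImage": "process.parent.executable",
}


def match_value(modifiers: List[str], actual: Any, expected: str) -> bool:
    """Apply Sigma string modifiers; matching is case-insensitive as in Sigma."""
    if actual is None:
        return False
    a, e = str(actual).lower(), str(expected).lower()
    if "contains" in modifiers:
        return e in a
    if "startswith" in modifiers:
        return a.startswith(e)
    if "endswith" in modifiers:
        return a.endswith(e)
    return a == e


def match_selection(selection: Dict[str, Any], event: Dict[str, Any]) -> bool:
    """All field clauses of a selection must match; list values are OR'd
    unless the 'all' modifier is present."""
    for key, expected in selection.items():
        field, *modifiers = key.split("|")
        actual = event.get(FIELD_MAP.get(field, field))  # schema rewrite
        values = expected if isinstance(expected, list) else [expected]
        hits = [match_value(modifiers, actual, v) for v in values]
        if not (all(hits) if "all" in modifiers else any(hits)):
            return False
    return True


def eval_condition(condition: str, results: Dict[str, bool]) -> bool:
    """Tiny evaluator for conditions made of identifiers, 'and', 'or', 'not'.
    Precedence is not > and > or; parentheses are not supported here."""
    tokens = condition.split()

    def parse_not(i):
        if tokens[i] == "not":
            val, i = parse_not(i + 1)
            return not val, i
        return results[tokens[i]], i + 1

    def parse_and(i):
        val, i = parse_not(i)
        while i < len(tokens) and tokens[i] == "and":
            rhs, i = parse_not(i + 1)
            val = val and rhs
        return val, i

    def parse_or(i):
        val, i = parse_and(i)
        while i < len(tokens) and tokens[i] == "or":
            rhs, i = parse_and(i + 1)
            val = val or rhs
        return val, i

    val, i = parse_or(0)
    if i != len(tokens):
        raise ValueError(f"unparsed condition tail: {tokens[i:]}")
    return val


def rule_matches(rule: Dict[str, Any], event: Dict[str, Any]) -> bool:
    det = rule["detection"]
    results = {name: match_selection(sel, event)
               for name, sel in det.items() if name != "condition"}
    return eval_condition(det["condition"], results)


# Constructed events already in the local (mapped) field names.
EVENTS = [
    {"id": 1, "process.executable": "C:\\Windows\\System32\\rundll32.exe",
     "process.command_line": "rundll32.exe comsvcs.dll, MiniDump 624 C:\\Temp\\l.dmp full",
     "process.parent.executable": "C:\\Windows\\System32\\cmd.exe"},
    {"id": 2, "process.executable": "C:\\Windows\\System32\\rundll32.exe",
     "process.command_line": "rundll32.exe comsvcs.dll, MiniDump 624 C:\\Temp\\l.dmp full",
     "process.parent.executable": "C:\\Tools\\corp-backup-agent.exe"},
    {"id": 3, "process.executable": "C:\\Windows\\System32\\rundll32.exe",
     "process.command_line": "rundll32.exe shell32.dll,Control_RunDLL",
     "process.parent.executable": "C:\\Windows\\explorer.exe"},
]


def run(rule=RULE, events=EVENTS) -> List[int]:
    """Return the ids of the events that trigger the rule."""
    return [e["id"] for e in events if rule_matches(rule, e)]


if __name__ == "__main__":
    print(RULE["title"], RULE["tags"], "->", run())  # -> [1]
```

Event 1 fires, event 2 is suppressed by the filter, and event 3 never matches the selection. In production the mapping and the translation to a backend query language are done by a Sigma converter rather than a hand-written evaluator, but the separation is the same: the rule carries the behaviour and the ATT&CK tags, and the schema map carries everything that is specific to your environment.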
SIEM Administrator
Your daily routine as a SIEM Administrator may include installing and upgrading your SIEM,
maintaining the platform's stability and health with regular checkups, and integrating
log sources properly. Threat Detection Marketplace will help you:
- Get parsers and configurations for connecting and normalizing the most critical data sources, including host, network, application, SaaS, PaaS, and IaaS
- Save a great deal of time on ingestion engineering and parser R&D by leveraging crowdsourcing and working with pre-built parsers
- Leverage world-class support to customize content for your environment and product versions
- Plan and manage your SOC log source roadmap using MITRE ATT&CK® directly in the platform or via integration with the ATT&CK Navigator
Red Team Specialist
Your daily routine as a Red Team Specialist may include catching up on the most recent
cybersecurity news and trends, including emerging threats, vulnerabilities, hacktools,
and TTPs, and running penetration tests and other attack-simulation activities to analyze
the impact they might have on the company's systems. You can leverage the Threat Detection
Marketplace content and capabilities for these use cases and procedures:
- RED tests for running emulation requests
- Testing whether your attack paths bypass the existing detections
- Providing recommendations to the SOC team on which TTP-based detections to deploy
- Showcasing security gaps and the Actors, Techniques, and Tools addressed, using MITRE ATT&CK®
Network Security Specialist
Your daily routine as a Network Security Specialist may include catching up on the
most recent cybersecurity news and trends, studying the latest threats, hacktools,
malware, CVEs, TTPs, and DDoS attacks relevant to the company's security needs,
monitoring computer networks for security threats and unauthorized access,
developing and testing software deployment tools, firewalls, and intrusion detection
systems, and installing and updating security software. You can leverage these
rules for network security monitoring:
- Rules based on firewall or proxy logs
- Sigma rules for Zeek / Corelight
- Snort rules
- All detection rules are mapped to context using the latest version of MITRE ATT&CK
Endpoint Security Specialist
Your daily routine as an Endpoint Security Specialist may include maintaining and
monitoring the EDR back-end infrastructure, analyzing potential threats, and identifying
gaps in your EDR coverage. You can leverage the Threat Detection Marketplace content and
capabilities for these use cases and procedures:
- RED tests for alert validation in your EDR
- Enhance your Sysmon deployment with over 1,000 rules converted from Sigma into the Sysmon configuration file, so the resulting events carry threat context and MITRE ATT&CK® tags
- Keep up with the latest detections mapped directly to MITRE ATT&CK
- Close the gaps on Tools, Actors, and Techniques not covered by the default EDR rules by deploying our content
- Pivot straight from the marketplace to your EDR console with a single-click drill-down search
DevOps / IT Lead
Your daily routine as a DevOps or IT Lead involves a great deal of log management:
collection, aggregation, parsing, storage, and analysis, both to secure
applications and infrastructure and to troubleshoot them, whichever environment
generates the events, on-premises or cloud. You can leverage the following platform
content for log monitoring, filtered by log source type:
- Rules based on web server logs for web server auditing
- Rules based on AWS, Azure, Azure AD, or Office 365 logs for cloud monitoring
- Anticipate emergency patching requests with first-hand insight into the 0.5% of critical security vulnerabilities that matter and for which early detection is available
- Manage threat detection as part of the CI/CD process and Agile philosophy
Consultant
Your daily routine in the Consultant's role may include analyzing the company's
security systems, studying potential breaches and pain points, supervising the implementation
of solutions to the most pressing security issues, guiding entire organizations or specific
security departments toward compliance standards, and driving improvements in the
identified security gaps. You can leverage the Threat Detection Marketplace content and
capabilities for these use cases and procedures:
- MITRE ATT&CK® page to analyze the latest attack vectors and build the detection roadmap
- Compliance rules for identifying the minimum regulatory compliance requirements the company meets
- A wide range of rules for detecting critical threats and building the company's mitigation strategy
InfoSec / Cyber Team Lead
Your daily routine as a Team Lead of a security department or a squad of SOC experts
is focused on managing and coaching your teammates, and on measuring your
team's progress, efficiency, and productivity in achieving the security goals that contribute to
the overall business strategy. You can leverage the Threat Detection Marketplace content and
capabilities for these use cases and procedures:
- Dashboard page to track your team's activity within the platform over a given period, in terms of efficiency and productivity, and identify the trend direction
- MITRE ATT&CK® page to keep pace with rapidly changing attack vectors
- Learn and use Sigma, a generic rule format for SIEM systems and the de-facto standard for expressing threat hunting queries
- Become a true cross-platform expert who knows how and why to build and use detections for the major SIEM, EDR, and NSM tools
- Write future-proof content in Sigma to avoid vendor lock-in and preserve the IP rights to your detection content
- Track up-to-date metrics on your team's performance and benchmark them against 10,000+ peers across the globe

Explore Threat Detection Marketplace
Build proactive exploit detection and advance your security analytics with the largest SaaS content
community in the world that offers a personalized user experience tailored to your cybersecurity role.
Personalize Your Experience with Threat Detection Marketplace
Leverage Threat Detection Marketplace to gain the most targeted content relevant to
your professional role and mapped directly to the MITRE ATT&CK framework.