SOC Prime & CERT-UA

CERT-UA Feed

Having witnessed the escalation of the ongoing global cyber war for over a decade, the SOC Prime team, backed by our Threat Bounty Program members, has been continuously analyzing the activities of prominent APT groups worldwide to craft curated detection content and help organizations strengthen their cyber defense against state-sponsored threats. Our experts have been on the cyber frontline since the BlackEnergy attacks and the NotPetya outbreak, aggregating collective industry expertise and developing relevant detection content.

By cooperating directly with CERT-UA and the SSSCIP, we research, develop, and test Sigma rules on the real battlefield. These coordinated efforts contribute to multiple joint projects maintained with the SSSCIP and global partners. In June 2022, SOC Prime was awarded an insignia of honor by the SSSCIP for its assistance throughout the war.

To increase global awareness of russia-linked malicious activity against Ukraine and its allies, SOC Prime continues to cover CERT-UA research in our blog, highlighting the details of each attack and curating the relevant Sigma rules for proactive cyber defense.

Threat Informed Defense

Using the Threat Detection Marketplace, powered by the vendor-agnostic Sigma standard, SOC teams can be fully equipped with detection content addressing key APT actors' TTPs regardless of the security solution in use. To date, SOC Prime's Threat Detection Marketplace curates 1,000+ Sigma rules geared towards TTPs leveraged by Chinese, Iranian, and russian state-sponsored collectives to support Threat Informed Defense initiatives across multi-cloud, on-premises, and SaaS environments. All rules are behavior-based and tagged with ATT&CK; they are manually tested, preselected, tuned, and updated by the SOC Prime Content Team based on reports published by CERTs in the EU, U.S., Ukraine, and Japan.

By purchasing the corresponding Threat Informed Defense annual subscription license, organizations can also choose up to 100 unique detection algorithms written in Sigma, a SIEM-native language, or any generic EDR/XDR query language on top of the 1,000+ rule kit against state-sponsored APTs. In addition, you gain access to detection content code with only a 24-hour wait from its release date*, along with API access and further automation to streamline daily SOC operations, including simplified content search and customization.

As public sector organizations face ever-increasing risks of APT attacks, the Threat Informed Defense subscription license is a good fit for staying ahead of emerging threats, risk-optimizing critical infrastructure, and detecting malicious activity associated with the major nation-state collectives in a timely manner.


*Unless you already have a Premium 24-hour SLA add-on. For more details, contact us.