The Complete SOC.OS Update: August 2021

  • August 17, 2021
  • Dave Mareels

SOC.OS has successfully been upgraded.

With the latest release, you can say hello to advanced search capability, drastically improved UI responsiveness, an Hour/Day/Week/Month cluster view, a new tool integration (MS Advanced Threat Analytics) and improved existing integrations, not to mention a bunch of bug fixes and a continually maturing wiki to help with support and training.

Click on the following video for a 2-minute overview of the major upgrades, which are now available to all users. Enjoy!

What’s new for the SOC.OS User Interface (UI)

Advanced search capabilities

Following the recent introduction of “chip”-based basic searching, we wanted to provide even more powerful search capabilities. We’ve delivered this with the introduction of the new SOC.OS query language. Any SOC.OS search bar supports advanced search using the SOC.OS query language. Simply press the Advanced button to the right of the query to convert your basic query into an advanced query. You can then edit the raw text of the SOC.OS query to fit your specific investigation. For more information on this new capability, check out the dedicated “Advanced Search” page on the SOC.OS wiki, here.

Time period-based cluster visualisation filtering

You can now choose to view the visualisation grouped into time periods of Hour, Day, Week or Month, allowing you to filter your view and better interpret clusters over varying time periods.

What else is new?

  • Auth0 login page updated to the latest version (v11.27)
  • Preparation for SOC.OS Alert search (more details to come in next releases)
  • Further visualisation improvements driven from Elasticsearch (histogram), improving performance and responsiveness
  • Security and performance updates

Bug Fixes

  • More UI bugs and inconsistencies fixed
    • Threat types in visualisations
    • Scroll bars
    • Alert percentages
  • Default search query no longer re-populates after deleting and moving between clusters
  • Cluster attribute searches now work across all attributes and not just the first in the list

Source Systems

  • New integrations of source systems:
    • Microsoft Advanced Threat Analytics
  • Improved existing integrations:
    • FortiOS support updated to v7.0
    • Cylance mapping now includes “Artefacts of Interest”
    • Palo Alto mappings updated for additional actions


  • Search help page updated with Advanced Search
  • Tutorial videos for some features now available here (more coming soon)

What’s next for the SOC.OS software?

As ever, we’re excited to continue to develop SOC.OS to meet your needs, and always welcome your input. Please continue to call us or email about defects and improvement suggestions, no matter how small or seemingly left field!

About the author

Dave Mareels

Following a Masters in Mechanical Engineering, Dave joined BAE Systems’ engineering leadership programme working across military aircraft, maritime and cyber domains, before taking on SOC.OS in 2018. When not working, he enjoys travelling, basketball, BBQs and private tutoring.