After the lists have been configured, you can finish the configuration in LimaCharlie. Note that currently the SOC Prime API is not available for free users. It is available only for paid users or if they requested a trial.
First, enable the
socprime add-on on the LimaCharlie marketplace.
Then, navigate to the Integrations page in your organization, enter the SOC Prime Key & click
When the Key is saved, you will get the ability to select the SOC Prime content lists you want to have populated in LimaCharlie as detection & response rules. After selecting the lists & clicking
Update, you are all set to start receiving detections based on the SOC Prime lists.
A detection that comes from the SOC Prime Lists, will have
socprime listed as a detection author.
Note that adding a new rule to a SOC Prime content list that is enabled in LC will see the new rule be applied during next sync (LimaCharlie syncs the SOC Prime rules every 3 hours).