Cybersecurity without MITRE ATT&CK existed in the state physics was in before the Periodic Table of Elements. SOC Prime has been actively using the framework since its inception in 2016, and one thing we have always done is link Techniques, Tools, and Actors to SIEM rules. This accelerated quickly with the development of the Sigma language by Florian Roth and Thomas Patzke in 2017. Sigma is a SIEM-agnostic meta language that enables creating threat detection rules and threat hunting queries for multiple platforms in a minimum amount of time. Most importantly, it is shareable and open source, so cyber defenders can explore the detection logic and code before adding a rule or query to their SIEM. A big achievement is the ability to rise above the tunnel vision created by a single SIEM technology, so a person who knows ArcSight or QRadar can collaborate with an expert in Splunk or Elasticsearch on solving a common security task.
In January 2018, SOC Prime made the first publicly available connection of Sigma with the ATT&CK framework on our very own Threat Detection Marketplace. Later, on May 9-10, during the ATT&CK Community EU event hosted at CIRCL Luxembourg, the international security community agreed to tag Sigma with ATT&CK. An update to the Sigma standard followed shortly, and the detection engineering discipline evolved to its next state. We went from the waterfall model to full agile in threat detection content research, development and deployment.
A year later, in May 2019, the ATT&CK Community EU met again, now at the EUROCONTROL facility in Brussels with a much larger audience. Every fourth member showcased how they had switched their detection engineering process to agile, leveraging git protocols and CI/CD practices. Our mission is to evolve the capabilities further to be community-driven. For this, we need the support of every security stakeholder, and that requires addressing logistics and visualization tasks.
The visual part is most commonly addressed in the industry by using the ATT&CK Navigator, an open-source matrix-like visual tool developed by MITRE in 2017. SOC Prime has an alternative visual tool that has been available since 2016 under the codename “Security Virtual Assistant”, or SVA. In 2017, the SVA became available for free for any signed-up member at
While the ATT&CK Navigator serves the purpose of a lightweight, open and portable utility for threat hunting and security analysts, SOC Prime’s version is geared towards live data aggregation and presentation. The exploration tool links the latest version of the ATT&CK framework to over 50,000 detection rules, parsers, and playbooks to display security gaps, data quality and availability issues, and threat technique coverage as close to real time as possible. One tool does not contradict the other, and as the next step in strengthening the community we released a feature that imports a MITRE ATT&CK Navigator JSON file into Threat Detection Marketplace to create a live exploration map and configurations. Export capability is under R&D and will arrive in 2020, with the goal of boosting community collaboration even further.
In February 2020, SOC Prime announced the integration of Sigma and ATT&CK tagging with the cloud-native SIEM, Microsoft Sentinel. As a member of the Microsoft Intelligent Security Association (MISA), we are constantly developing new means to improve cybersecurity tools and operations for any security team out there. This page serves as a reflection of these capabilities, linking together open-source and private security content with the goal of helping any company out there improve. The art of creating a threat detection rule by an individual has been scaled up to an industrial level; some people call it Use Case Factory or Detection as Code. We decided to make part of it free, fast and accessible at your fingertips from any mobile device, with sub-second search and page load times.
We are working on integrating more open-source security tools here, including the