- - Knowledge base overview
Training Exercises
Product Updates
Events
Docs

Welcome to Devo Connect!

Browse the Community

Community

Start discussions, ask questions, learn from others

Knowledge base

Troubleshooting tips and how to guides

Product updates

Read the latest news on Devo product updates

Community Categories

About Devo

3 topics
0 Replies

Join the Community!

1 topic
0 Replies

Latest Content

Recent activity

alexdevoAdmin

Activeboards Fundamentals

juan.delrioCommunity Manager

Devo Platform 7.19 Release

Devo is proud to introduce DeepTrace with version 7.19 along with many requested improvements and fixes!Geo Release AvailabilityRegion Status CA Released US Released EU Released APAC Released Table of ContentsDevo DeepTrace Integrations SSO integration with Devo Platform Search integration Alert Integration To learn more about DeepTrace Product Release post DeepTrace Documentation Page DeepTrace Interactive launch page Video: New Alert capability No Sending Policy Api Improvements New API PROBIO API improvements NASS Improvements Service Registry Bug Fixes Devo DeepTrace IntegrationsThis release adds integrations to the DeepTrace product just released! There are 3 main integrations added.SSO integration with Devo PlatformYou can launch DeepTrace directly from Devo Platform using Single Sign On Authentication.Search integrationYou can right click on an event and select “investigate in Deeptrace. You can also find it under the tools menu.Also available from t

512

12 days ago

juan.delrioCommunity Manager

Guides and Troubleshooting

How to start writing Playbooks for Devo SOAR

Your day is filled with workflows, procedures and repetitive steps. Maybe you just started the Devo SOAR Trial or are about to and want to know just how to get started with Playbooks. This article will show you a few playbooks in natural language and share some tips on how to convert your workflows into playbooks and be ready to create them in Devo SOAR. Writing Playbooks in Natural LanguageWriting down your process is something you are probably already doing. With these examples and tips you can adapt those workflows to make the transition much easier to using Devo SOAR.Creating a Playbook in natural language is as easy as creating a bullet list. These examples will help illustrate.Simple Playbook ExampleWhat is the Goal?We want to monitor our email security solution. If it fails, block inbound and outbound emails until problem is resolved. Write it out in stepsPrepare an email to send. Send the email. Check integration output for errors. Parse the email integration results. Grab

200

19 days ago

juan.delrioCommunity Manager

Guides and Troubleshooting

10 Playbooks you should start with in Devo SOAR

Devo SOAR has thousands of uses as an Automation tool. You can use it for highly critical tasks yes, but any task that saves you time is critical in our world! You don’t have to imagine them, lets go over a few Playbooks that you can start with as soon as you open Devo SOAR. Phishing AnalysisThe most prolific security risk in any organization, the ubiquitous Phishing emails! Use this playbook to analyze any reported phishing emails and make quick work of this daily task. You will need a plalybook that will help you analyze the IP address, domains, and URL’s to understand the risk associated with each. Creating a combined ranking of the threat will help you prioritize your response. Email Attachment AnalysisWhat’s worse that Phishing emails? Attachments masquerading as legitimate files. This playbook automatically does analysis of email attachments in emails from any IMAP server. Based on the risk, you could build additional steps to remediate or trigger notifications for a m

390

20 days ago

alexdevoAdmin

Devo Foundations

Devo Foundations - Exercise 6.1 - Example of an "each" alert with a proxy server

Once we have polished a query, the next logical step is to make something with the output. For example, continue the analysis now that we know more, visually represent the data with activeboards, or define alerts so we get notified every time the behavior we identified in the query happens.Let’s check this last use case.Part 1: Creating the alert Use the finder to open the proxy.bluecoat.proxysg.main table. Set the time range to display results the last 24 hours. Lets begin by isolating those connection requests that were denied by the proxy server. Then we’re going to group the connections by the user and the category that describes the target of the connection. Apply a filter so that we see only those events where the action is “TCP_DENIED”. For this example, we are not enriching the data, so we go from filtering to grouping. Perform a time-based (say, 5m) grouping by the username and categories fields. Add an aggregation that totals the number of connections denied for each

283

22 days ago

alexdevoAdmin

Devo Foundations

Devo Foundations - Exercise 5.1 - Using lookups

Firewall information is very relevant to Arcadia. However, sometimes they are not able to make sense of the real information hidden behind IP addresses and abstract categories. This is where lookups come in: they take data enrichment to a whole new level.For this exercise, we are going to rely on available lookups already existing in the devo_101 domain:userInfo pa_threat_categoriesGo to Data search / Lookup management and double check that you can access them. Otherwise, you won’t be able to complete this exercise.The overarching theme here today is that we want to focus on where the connections that pass through the firewall are reaching: the destination IPs. Are these IPs trusted sites? Dangerous sites? Should we worry? To what extent? Can we quantify that concern? Let’s go.Let’s begin by querying the union table firewall.all.traffic from the finder. Set the time range to the last 24 hours. As we are already used to, it’s best practice to start with filtering. Let’s get rid of priva

566

28 days ago

Maggie SplaineAdmin

Devo DeepTrace is Now Available to Devo Customers!

Devo DeepTrace is Now Generally Available to Devo Customers. Introducing Devo Deeptrace! DeepTrace is an autonomous alert investigation and threat hunting solution that advances how security teams identify attacks, investigate threats, and secure their organization. With rapidly expanding attack surfaces and increasing amounts of data, today’s SOCs face a never-ending stream of alerts while leveraging manual investigative processes. This results in higher frustration levels and slower response times. Devo created DeepTrace to arm and empower you with the tools and insights needed to rapidly investigate alerts and proactively respond to threats. With DeepTrace, you will spend less time performing repetitive, manual tasks and instead focus on investigating the highest priority threats to your business. How does Devo DeepTrace work? Devo DeepTrace helps analysts identify the root cause of every attack. By performing autonomous alert investigation and threat hunting using attack-trac

720

1 month ago

alexdevoAdmin

Devo Foundations

Devo Foundations - Exercise 4.5 - Analyzing IDS data

This time we are going to focus on the Suricata Intrusion Detection System (IDS) that Arcadia uses. It stores its logs into the ids.suricata.fast data table.Open this data table. Set the time range to the last 3 days. There is no built-in preset interval for that, so use the calendar to build it yourself. Locate the signature field, and hover over its header. We are looking for signatures containing the term “TROJAN”. We can expect more than one single type of trojan occurrence. So we need to use an operation than filters by including anything with that term. Use the operation contains, represented by -> The first argument is the field signature. For the second argument, click on the ✏️ icon and add “TROJAN”. Don’t enter the quote symbols. This contains (->) operation is case sensitive, so write it in uppercase. Now, where are those connections associated with trojan activity going to? Where are their destinations? To address that, we can check the

161

1 month ago

Community Champions

Events Calendar

Employe Leaderboard

Still scrolling?

Devo documentation

Access our documentation here

Contact support

Got a question you can't get answered here? Contact support

Devo Website

Access Devo.com here

Terms & Conditions Cookie settings

Sign up

Already have an account? Login

Username *

E-mail address *

Company

(Private)

Only you and moderators can see this information

Job Title

(Private)

Only you and moderators can see this information

A bit about yourself

City

(Private)

Only you and moderators can see this information

Country

(Private)

Only you and moderators can see this information

Password *

I accept the terms & conditions

loginBox.register.email_repeat

Login to the community

No account yet? Create an account

Username or Email

Password

Remember me

Forgot password?

Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.

Username or e-mail

Back to overview

Scanning file for viruses.

Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.

This file cannot be downloaded

Sorry, our virus scanner detected that this file isn't safe to download.