Devo Connect February AMA
The Devo Threat Research Team has published OOTB Alerts Release 22! This release, available now from the Security Operations Content Manager, provides 9 updated detections and 2 new alerts. This update introduces powerful enhancements to fortify and monitor your security infrastructure. To access this new content, open the Security Operations app inside Devo and navigate to the Content Manager. Here, you can search for the detection name, update your existing detections or view all the new detection details and choose to deploy the new content. This update features several key improvements: New Alert: OS Credential Dumping: With our latest detection capabilities, we now provide a new alert designed to promptly identify instances of OS credential dumping. This critical security threat, often exploited by malicious actors, can compromise sensitive login credentials. By issuing alerts for potential credential dumping activities, our system empowers users to respond swiftly, minim
The Devo Threat Research Team has published OOTB Alerts Release 21! This release, available now from the Security Operations Content Manager, provides 7 updated detections and 1 new alert. The updates focus on improved performance, easier installation and a reduction in false positive results. If you are using these detections, this update is a must have! To access this new content, open the Security Operations app inside Devo and navigate to the Content Manager. Here you can search for the detection name, update your existing detections or view all the new detection details and choose to deploy the new content. New Detection (Name / Description / Devo Table, Data Source, Category / Change Log): SecOpsO365OneDriveDownload / Detects high volume of OneDrive activity / CLOUD.OFFICE365.MANAGEME / New Alert! Updated Detections (Name / Description / Devo Table, Data Source, Category / Change Log): SecOpsAccountsCreatedRemovedWithinFTourHours / Detects user accounts that are created and deleted withi
The Devo Parser is one of the secret spices of our unique Hyperstream technology. The Parsers organize raw events stored in tags into different columns and display them in the corresponding tables. This method completely bypasses data indexing and contributes to Devo's amazing search speeds. Every data source is unique, so we have a great catalog of existing parsers. Our teams review parser performance, build new parsers and update parsers on a regular basis. This article covers all the updated and new parsers available. If you require a new parser, please open a support ticket through the support portal located here. Table of Contents: Updated Parsers: proxy.zscaler, firewall.paloalto, auth.jumpcloud, av.mcafee, bms.humansecurity, auth.auth0, cloud.office365, box.win_winlogbeat, box.win_nxlog, box.devo_ea, dhcp.bluecat, vcs.gitlab, vuln.qualys, edr.crowdstrike, edr.darktrace, edr.cisco, cloud.aws, cloud.gsuite, crm.salesforce, casb.netskope, network.meraki, network.vmware, adn.f5, entity.beh
Every month, the integrations team works on new and updated collectors for you, and I collect them all in this Catalog Update. This post contains new and updated collector information as well as links to their respective pages in our Documentation portal. Be advised that some pages in Documentation may not be available at the time of posting but will be added as soon as they are available. To request new Collectors, please open a support ticket through the Support Portal. To update an existing Collector, the CS and Support teams are working together to schedule update windows with everyone! Table of Contents: New Collectors: AWS SQS v1.0.0, Fastly Next-Gen WAF v1.0.0b3. Updated Collectors: Microsoft Defender Cloud Apps v1.2.0, Jumpcloud v1.2.2, Crowdstrike API v1.5.4, Proofpoint TAP v2.2.0, Akamai SIEM Collector v2.0.0, Cortex-XDR v1.2.0, Qualys v2.0.0, Google Workspace Reports v1.9.1 (formerly Gsuite Reports), SentinelOne v1.5.0, Cybereason v1.3.0. New Collectors: AWS SQS v1.0.0: Link to D
Here are the latest additions to the Collector Library as well as the updated collectors for the month of January! Table of Contents: New Collectors: Microsoft Defender for IoT Collector v1.0.0b1, Bitwarden Collector v1.0.0b1, Cyble Vision Collector v1.0.0, Mandiant Advantage Collector v1.0.0b1, IBM Cloud VPC Flow v1.0.0b1, IBM Cloud Softlayer v1.0.0b1, IBM Cloud Activity Tracker v1.0.0b1. Updated Collectors: MS Graph v1.7.0b1, Github v2.1.0, SentinelOne v1.4.0, Recorded Future v1.3.0, Cybereason v1.2.0, OneTrust v1.2.0, AlienVault OTX v1.1.0, Wiz Cloud Security v1.2.0, Cylance v1.1.0, Agari Phishing Defense v1.2.0, JumpCloud v1.1.0, Microsoft Azure v1.7.0, Okta Resources v1.8.0, Microsoft Defender Cloud Apps v1.1.0, Microsoft O365 Message Tracing v2.2.0, Rapid7 InsightVM v1.4.0, Infocyte v1.3.0. New Collectors: Microsoft Defender for IoT Collector v1.0.0b1: Link to Documentation. Bitwarden Collector v1.0.0b1: Documentation in progress. Cyble Vision Collector v1.0.0: Link to Documentation. Mandiant Ad
This post details the pre-release information for Devo Platform Release 8.8.0. This release will be pushed to production on February 1, 2024, at 11 AM UTC+1. In this release, domain Administrators will benefit from enhanced monitoring capabilities over their environment with the introduction of the Usage Analytics feature. Another item in this release is the new Conditional Formatting feature available from the Field Viewer. This will enhance the capabilities of all Data Searchers with support for up to 5 conditional formatting conditions. Continue reading to view the full details of this update. Release Information: Release Date: February 1, 2024. Release Time: 11:00am UTC+1. Geo Release (Region / Status): CA / Released; US / Released; EU / Released; APAC / Released. Table of Contents: New Features: Usage Analytics; Conditional Formatting introduced to the Field Viewer; New Alerts audit table added; Change Alert Status in Bulk actions; Change Alert Priority in Bulk actions; New EACH Alert cr
The Devo Relay Alert Pack is now available on Devo Exchange. The Relay Alert Pack consists of alerts to help you monitor the Devo Relays and detect when there are issues. Table of Contents: What is the Devo Relay? What is the Devo Relay Alert Pack? What Alerts are Included in the Devo Relay Alert Pack? Where do I find the Devo Relay Alert Pack? Using the Devo Relay Alert Pack. Additional Resources. What is the Devo Relay? The Devo Relay is one of the primary ingestion methods for the Devo Security Data Platform. While the relay code is provided by Devo, the relay infrastructure is typically deployed on customer premises for network routing purposes. What is the Devo Relay Alert Pack? The Devo Relay Alert Pack consists of three alerts that monitor the Devo Relay's performance and detect when there are issues. By installing these alerts, you can ensure the function of your relay and detect issues before they arise. What Alerts are Included in the Devo Relay Alert Pack? The alerts are: DevoRe
The Devo Team has packed release 8.7.0 with some amazing content for our customers. In this release we have the long-hinted Dark Mode, the new and completely rebuilt Alerts Page, and finally Activeboards have become easier to use with the new Smart Editor. Let's dive right in! Release by Region (Region / Status): GovCloud / Released; CA / Released; US / Released; EU / Released; APAC / Released. Table of Contents: New Alerts Page: Filter Triggered Alerts with new time ranges; New Filtering options for Triggered Alerts; Faster Alert Loading with new pagination. New Alerts Management Page: Streamlined Alert Management; Expandable detail summary; Edit Status; Edit Priority; Add Comments to single alert or multiple alerts; Group Alerts by Name. Dark Mode theme is here! How to switch to Dark Theme. Activeboard New Features: New copy icon; Export To PDF improvements. Bug Fixes. New Alerts Page: Completely revamped with new features throughout, this is a leap forward for the Alert Page and the future of
In this article we are going to create a playbook that lists the suspicious connection sources and filters them into a top ten list. This tutorial will reinforce the playbook setup and go into detail on filtering and grouping data in a playbook. Let's get started! Table of Contents: Create a Connection; Create event type; Start a Blank Playbook; Source Module; Add Computation Node; Filtering Data; Add a second Computation node; Add a third Computation node. Create a Connection: The first step in creating this playbook is to import the data. In this example, the data is stored in a CSV file accessible via the following URL. (Task / Value): Name / DevoSOAR_Top10ex; Connection Type / file; URL / https://logichub-training.s3-us-west-2.amazonaws.com/sample-data/ssh.csv. This first step is called a Connection, aptly named as it creates a connection to a data source. After you submit the new connection you will be sent to the connections page. This will list all your existing connections. You can
Custom Threat Groups have arrived for the MITRE ATT&CK Adviser! This update allows you to define custom alert groups, design your own threat groups, and track them! Geo Release (Region / Status): GovCloud / Released; CA / Released; US / Released; EU / Released; APAC / Released. Table of Contents: What is a Custom Threat Group? How can I use Custom Threat Groups? Where can I find Custom Threat Groups? How to configure a Custom Threat Group? Threat Groups Updated! What is a Custom Threat Group? Custom threat groups help organizations take threat groups from other security vendors and add them to the MITRE ATT&CK Adviser to quickly assess coverage of threat groups that are not tracked by MITRE. Custom threat groups enable customers to create: custom threat groups; alert groups for data sources not tracked by MITRE; groups to track their custom alert coverage. How can I use Custom Threat Groups? Alert group data for data sources enables organizations to map alerts for specific data sourc