Skip to main content

- - Knowledge base overview
Customer Portal
Product Updates
Events
Groups

Home
Search

Recently active topics

11

juan.delrioCommunity Manager

Devo Parser Catalog Update for June

The Devo Parser is one of the secret spices of our unique Hyperstream technology. The Parsers organize raw events stored in tags in different columns and display them in the corresponding tables. This method completely bypasses data indexing and contributes to Devo’s amazing search speeds. Every data source is unique, so we have a great catalog of existing parsers. Our teams review parser performance, build new parsers and update parsers on a regular basis. This article covers all the updated and new parsers available this month. If you require a new parser, please open a support ticket through the support portal located here. You can also visit the new Resources Portal, a single page for all your customer resources! Table of ContentsUpdated Parsers network.citrix auth.all firewall.barracuda cloud.office365 firewall.cisco firewall.sophos firewall.watchguard adn.f5 Updated Parsersnetwork.citrixFixes Added a fix to parse user info from the logs: network.citrix.adc.aaatm netw

juan.delrioCommunity Manager

Devo Collector Catalog Update for June

Every month, the integrations team work on new and updated collectors for you, and I collect them all in this Catalog Update. This post contains new and updated collector information as well as links to their respective pages in our Documentation portal. Be advised that some pages in Documentation may not be available at the time of posting but will be added as soon as they are available. To request new collectors or an update to an existing collector, please open a support ticket through the Support Portal. You can also visit the new Resources Portal, a single page for all your customer resources! Table of ContentsUpdated Collectors Devo Collector Thinkst Canary v1.3.0 ServiceNow API Collector v2.2.0 Trend Micro Vision One Collector v1.5.1 Cortex XDR Collector v2.2.0 Fastly Next-Gen WAF Collector v1.4.0 Malwarebytes Nebula Collector v1.2.0 Cisco Meraki Collector v2.1.0 Tencent Collector v1.5.0 Box Collector v2.2.0 Trellix Epo Collector v1.2.0 AWS Collector v1.14.0 Sopho

juan.delrioCommunity Manager

Devo Prodcasts: Devo Platform Release 8.16.17

Join our Intrepid hosts for another Devo Prodcast! This week, we will discuss the new features and improvements delivered in Devo Platform Release 8.16.17.

juan.delrioCommunity Manager

Devo Platform Release 8.16.17

Team Devo is happy to present Devo Platform 8.16.17, which introduces some amazing and impactful capabilities. For MSSPs, a giant step forward with the Shared Alerts feature. MSSPs can now share Parent Domain alerts across their tenant domains, individually or in bulk. This not only simplifies enabling new clients, but now clients can see all the protection provided by the MSSP! Workflow-wise, we have improved alert management with editable Post Alert Filtering, organized Common lookups in a new tab, and released the new Funnel Widget for Activeboards. Rounding off this release with a collection of improvements and bug fixes, make sure you jump right in! Release GeosRegion Status CA Released US Released EU Released APAC Released Table of ContentsNew Features Shared Alerts feature for MSSP’s Edit Post Alert Filters Common Lookups Activeboards: New Chart: Funnel Improvements Relays and ELB section renamed to Ingestion Alerts: Alert and Rule name column width incr

juan.delrioCommunity Manager

Release Previews

Release Preview: Cloud Collector Dashboard

Future version of the Cloud Collector will introduce a new feature called the Collector Dashboard. This new feature provides real-time visibility into your collector performance and health status using multiple data sources. Version 1 of this new feature is targeted for July 14th. Status Pending Released What’s Changing?Screenshot represents a version in development progress, some items may change. The Collector Dashboard version 1 will contain the following metrics: At-a-glance summary: Total collectors, healthy count, and issue count Detailed status table showing each collector's current state Last activity timestamps to identify stale or inactive collectors One-click restart functionality for immediate remediationMultiple data sources feed this new dashboard:SDK Metrics Network Metrics Queue MetricsWho can see this change?Users with access to the Cloud Collector. Who can see this UI change?Users with access to the Cloud Collector. Where are these changes?Cloud Collector dashboa

juan.delrioCommunity Manager

Release Previews

Release Preview: Funnel widget

The upcoming update to the Devo Platform will include a new Activeboard widget called the Funnel Chart. Status Pending Released What is changing?A new widget, the Funnel Chart will be available in Activeboards.A Funnel Chart is a type of chart that is used to represent data in stages, showing the progressive reduction of data as it moves through a process. This is particularly useful for visualizing conversion rates, identifying bottlenecks, and optimizing processes in areas such as sales, marketing, and user engagement.Who can see this change?All users with access to create Activeboards. Where are these changes?Activeboard creation page. When is this happening?Targeted Release date is Tuesday July 1st 2025. Why the change?Add new visualization for Activeboards.

juan.delrioCommunity Manager

Release Previews

Release Preview: Common Lookups

The next release of the Devo Platform will make some visible changes Administration with Lookup management and renames Relays and ELB’s to Ingestion. These are great changes for Multi-Tenant Domains. Status Pending Released What’s Changing? Under the Administration section then Data Management you will see we have divided the Lookups tab between Domain Lookups and Common Lookups.The new Common Lookups Section contains lookups that have been provided by Devo like Mispindicator and those shared with a domain from the parent domain.Common Lookups are restricted in the tenant domain by:Does not display lookup type Does not display status Does not display if it is a shared lookup Disabled download in CSV Disabled edit function Disabled updating function Disabled share function Disabled Delete function Disabled Go to query function Additionally, this release includes another Administration change.The Section “Relays and ELB” will be renamed to “Ingestion”. This change is also reflected

juan.delrioCommunity Manager

Release Previews

Release Preview: Editable Alert Post Filters

The next release of the Devo Platform introduces a new capability: Editable post filters! Status Pending Released What is changing?In the triggered Alerts page, you can now go to the elipsis menu and see a new command called “Edit Post Filters (x)”. (x represents the number of active filters.Editable options available:Name Condition ActionWho can see this UI change?Users with Role access to Triggered Alerts Where are these changes?Alerts Page When is this happening?Targeted Release date is Wednesday July 2nd 2025. Why the change?This improvement gives you more flexibility and control when managing alerts.

juan.delrioCommunity Manager

Release Previews

Release Preview: Parent/Tennant Alert Sharing

The upcoming release of the Devo Platform introduces a new Alert capability: MSSP Alert Sharing! Status Pending Released What’s ChangingA new alert capability is introduced. MSSP Alert SharingThis new capability features:Parent Domain Alert Sharing Configurable Sharing settings Share Individually or in Bulk through Alerts-Rules management Auditable through devo.audit.alert.definition table View only access for Tenants They are triggered in the root domain as usual. Triggered alerts are visible in tenant domains with view-only access (status, priority, post filter and definition can’t be edited) Tenants can view triggered alert details, the query logic, and the events that triggered the alert. Who can see this UI change?Parent domains will see the new Administration and alert sharing tools. Tenants will see a new icon next to the alert name for any alert that is shared from the parent domain. Where are these changes?Alerts Page When is this happening?Targeted Release date is We

juan.delrioCommunity Manager

Coming Soon: Devo AI Assist

AI-Powered Security Operations Coming to Your EnvironmentWe're excited to announce the rollout of Devo AI Assist, a powerful new addition to the Devo platform that transforms how security teams interact with their data and streamlines operations.What is Devo AI Assist?Devo AI Assist is an intelligent assistant that enables you to interact with the Devo platform using natural language. Instead of learning complex query syntax or navigating through multiple screens, simply describe what you want to accomplish, and Devo AI Assist will execute the appropriate actions for you.Key Capabilities🔍 Natural Language Security Queries"Hunt for indicators of lateral movement in our network" "Show me authentication failures from high-risk countries" "Analyze privileged account activity for insider threats" "Generate compliance reports for our critical assets"⚡ Intelligent Workflow ExecutionAutomatically creates dashboards, Activeboards, and alerts Generates optimized LINQ queries from your descripti

juan.delrioCommunity Manager

Devo Relay Release 2.15.1

The Devo Relay is a critical feature of Devo that receives inbound events from your data sources and then sends them to your Devo instance with all the tagging and processing rules that make Devo work as fast as it does. Release 2.15.1 adds automations and new OS support. The first automation added removes the additional steps to launch the relay after setup. With this next feature, all certificates will automatically renew 1.5 months before expiration. This is a huge usability improvement and greatly received! Lastly, support for Ubuntu 24, aka Noble Numbat, and support for Ubuntu 20 has been retired. Learn more below! Table of ContentsEnhancements Automatic activation Automatic renewal of Relay Certificates Support for Ubuntu 24 Removed support for Ubuntu 20 Bug Fixes Source tag capture groups EnhancementsAutomatic activationThe relay is now automatically activated after setup. No need to go to the UI to click on the activation button.Learn more in our documentation Autom

Badge winners

cybersafehas earned the badge Conversation Starter
xabier.zapatahas earned the badge Problem Solver
samuel.minohas earned the badge Conversation Starter
CyberRedNeckhas earned the badge Very Important Pineapple
Raphhas earned the badge Deep Dive 4 Attendee Helmet

Show all badges

Powered by Gainsight

Terms & Conditions Cookie settings

Sign up

Already have an account? Login

Login with SSO

or

Username *

E-mail address *

First Name

(Private)

Only you and moderators can see this information

Last Name

(Private)

Only you and moderators can see this information

Company

(Private)

Only you and moderators can see this information

*

Job Title

(Private)

Only you and moderators can see this information

A bit about yourself

City

(Private)

Only you and moderators can see this information

Country

(Private)

Only you and moderators can see this information

Password *

I accept the terms & conditions

loginBox.register.email_repeat

Login to the community

No account yet? Create an account

Login with SSO

or

Username or Email

Password

Remember me

Forgot password?

Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.

Enter your e-mail address

Back to overview

Scanning file for viruses.

Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.

OK

This file cannot be downloaded

Sorry, our virus scanner detected that this file isn't safe to download.

OK