Devo Connect Community April AMA
Ask questions, get answers, share insights
Devo’s product team is happy to present the latest version of our integrated EUBA, Behavior Analytics, to you! Devo Behavior Analytics 1.9 introduces a new step in the configuration process to allow for the definition of Whitlists. This enables users to input the values for Users, Devices and Domains they want whitelisted during the creation process. This new process is significantly improved by the ability to upload csv lists to your whitelists as well!Devo Behavior Analytics is included in the Intelligent SIEM package and can help you quickly uncover anomalous user and entity behavior! Read more on our main page here. Geo AvailabilityRegion Status CA Released US Released EU Released APAC Released Table of Contents New FeaturesWhitelist functionalityWhitelisting is critically important for behavior analytics models to be able to remove well known or noisy entities from the detection and find the true threat lingers as changes in behavior. The new Whitelist section l
The Devo Parser is one of the secret spices of our unique Hyperstream technology. The Parsers organize raw events stored in tags in different columns and display them in the corresponding tables. This method completely bypasses data indexing and contributes to Devo’s amazing search speeds. Every data source is unique, so we have great catalog of existing parsers. Our teams review parser performance, build new parsers and update parsers on a regular basis. This article covers all the updated and new parsers available. If you require a new parser, please open a support ticket through the support portal located here. Table of ContentsNew Parsers box.ibm cef0.aruba cef0.cisco cef0.skyhighSecurity epm.beyondtrust proxy.oclc siem.devo Updated Collectors cloud.azure edr.cisco endpoint.symantec firewall.all.traffic firewall.cisco firewall.uniper sase.paloalto New Parsersbox.ibmLink to Documentationcef0.arubaDocumentation in progresscef0.ciscoLink to Documentationcef0.skyhighSecuri
Every month, the integrations team work on new and updated collectors for you, and I collect them all in this Catalog Update. This post contains new and updated collector information as well as links to their respective pages in our Documentation portal. Be advised that some pages in Documentation may not be available at the time of posting but will be added as soon as they are available. To request new Collectors, please open a support ticket through the Support Portal. To update an existing Collector, the CS and Support teams are working together to schedule update windows with everyone!. Table of ContentsNew Collectors Rapid7 InsightVM Cloud v1.0.0 Updated Collectors AWS v1.8.2 Microsoft Graph v2.0.0-beta2 Microsoft Defender ATP Endpoint v1.2.0 Rubrik v1.1.2 Cisco Umbrella S2 v1.2.0 Wiz v1.6.1 Okta V1.8.1 Azure v2.0.0-beta3 CyberArk Identity v1.1.2 Extrahop Revealx v1.2.0 AWS SQS V1.2.0 New CollectorsRapid7 InsightVM Cloud v1.0.0Link to Documentation Updated Collecto
Hello everyone, the latest release of the Devo Platform is now live! Release 8.9.0 expands the availability of the TimeLine Widgets first introduced in Release 8.7.0 with the new Alerts Page. We also have created additional enhancements on the default activeboard loading process, giving you full control over what activeboard gets loaded on launch. Next, enhancement adds more control over your widget by adding new running operations at the widget level. Finally, we have improved user interactions in the activeboard contextual menus. These Activeboard improvements help speed up and empower your visualization of your data!Geo AvailabilityRegion Status CA Released US Released EU Released APAC Released Table of ContentsNew Features TimeLine Widget Running operations at the widget level Enhancements Enhanced Activeboard loading behavior on open Activeboard Menu options improved New FeaturesTimeLine WidgetThe popular Timeline widget introduced in the Alert Page revamp fro
The MITRE ATT&CK Adviser is your alert coverage command center, and this new release brings with it more capabilities for you to manage your alert coverage. This release is available now for all geos! New to this release is the ability to update Alerts! We are always updating our alerts with the latest detections, and you can update them from Devo Exchange or Security Operations, now you can update them from the Adviser as well! You will also be able to compare the old and updated alerts with this update. We have also added additional bulk actions to allow you to enable and disable groups of alerts. Managing your alert coverage has never been easier! Geo AvailabilityRegion Status CA Released US Released EU Released APAC Released Table of ContentsNew Features Update Alerts in the Adviser Compare Alert Contents New Bulk Actions Added New FeaturesUpdate Alerts in the AdviserAlerts that are provided by Devo are constantly kept up to date with the latest MITRE ATT&
The Devo team has released the latest version of Devo SOAR! This release includes new enhancements to existing features as well as critical bug fixes. Devo SOAR has a large library for automations and integrations to fit all your needs. SOAR Automation is a key feature of Devo Intelligent SIEM, allowing you to automate a large number of daily tasks and give you back essential time to perform key investigations and hunts. We have tutorials on the community to help you get started as well as Devo SOAR Documentation. You can also use the guided playbook builder to interactively create a no-code automation! Table of ContentsEnhancements 2 New Actions for Microsoft Defender for Endpoint Bug Fixes CrowdStrike Falcon Host (OAuth Based) Enhancements2 New Actions for Microsoft Defender for EndpointYou can now do more with this automation with these new actions:Get Live Response Results Run Live Response ActionBug FixesCrowdStrike Falcon Host (OAuth Based)Fixed an error with the default
Hello everyone, the latest Devo Platform release is here! Release 8.8.20 brings a whole host of updates for Alerts! Starting with the new triggered Alerts details page increasing the number of actions you can take from one location. Next we have a new capability to find Alerts by Alert ID with the newly integrated ID search feature. The Alerts type field has received new values to better match the creation of the alert. An new field was added to the audit table devo.audit.alert.definition called “info” as well as a new audit table for Alert triggered operations. Find the full details of this release in this article. Geo AvailabilityRegion Status GovCloud Released CA Released US Released EU Released APAC Released Table of ContentsNew Features New Triggered Alerts Details page Searcy by Alert ID Redefined Type field when Grouping Alerts New “info” field added to audit table devo.audit.alert.definition New audit table devo.audit.alert.triggered Bug Fixes Alert
We're thrilled to announce the latest updates and additions to our alerting system with Release 24. This release introduces a significant enhancement to our SIEM detection framework, focusing on improving threat detection accuracy and simplifying threat hunting for users. The key highlights of this release include the introduction of a new alert, SecOpsWinDnsExcessiveEmptyOrRefusedQueries, and the migration of existing alerts to the Devo Cyber Data Model, a common information model designed to streamline threat investigation processes.To access this new content, open the Security Operations app inside Devo and navigate to the Content Manager. Here, you can search for the detection name, and manage your alerts. To update or install new alerts visit Devo Exchange. Table of ContentsNew Detections SecOpsWinDnsExcessiveEmptyOrRefusedQueries Updated Detections Migration to Devo Cyber Data Model New DetectionsSecOpsWinDnsExcessiveEmptyOrRefusedQueriesA new alert has been added to detect in
The Devo team has released the latest version of Devo SOAR! This release includes new automations, enhancements to existing features as well as critical bug fixes. Devo SOAR has a large library for automations and integrations to fit all your needs. SOAR Automation is a key feature of Devo Intelligent SIEM, allowing you to automate a large number of daily tasks and give you back essential time to perform key investigations and hunts. We have tutorials on the community to help you get started as well as Devo SOAR Documentation. You can also use the guided playbook builder to interactively create a no-code automation! Table of ContentsNew Integration Integration for Apivoid Feature Enhancements New actions for Virus Total Bug Fixes New IntegrationIntegration for ApivoidApivoid provides JSON APIs useful for cyber threat analysis, threat detection, and threat prevention, reducing and automating the manual work of security analysts.Feature EnhancementsNew actions for Virus TotalVir
Every month, the integrations team work on new and updated collectors for you, and I collect them all in this Catalog Update. This post contains new and updated collector information as well as links to their respective pages in our Documentation portal. Be advised that some pages in Documentation may not be available at the time of posting but will be added as soon as they are available. To request new Collectors, please open a support ticket through the Support Portal. To update an existing Collector, the CS and Support teams are working together to schedule update windows with everyone!. Table of ContentsNew Collectors AWS SQS v1.0.0 Fastly Next-Gen WAF v1.0.0b3 Updated Collectors Microsoft Defender Cloud Apps v1.2.0 Jumpcloud v1.2.2 Crowdstrike API v1.5.4 Proofpoint TAP v2.2.0 Akamai SIEM Collector v2.0.0 Cortex-XDR v1.2.0 Qualys v2.0.0 Google Workspace Reports v1.9.1 (Formerly Gsuite Repots) SentinelOne v1.5.0 Cybereason v1.3.0 New CollectorsAWS SQS v1.0.0Link to D
Already have an account? Login
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.
Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.
Sorry, our virus scanner detected that this file isn't safe to download.
