See what's new in our product; check the updates below.
Devo Platform 8.17.4

Team Devo is happy to present Devo Platform 8.17.4, which introduces new features to Data Search and Administration. For Data Search, we have introduced a new progress bar, providing a visual indicator for searches in progress. The JQ operators are now aligned in functionality between the API and Data Search. The Peek operator now supports both IPv4 and IPv6. In Administration, you can now manage tokens through RBAC, complete with token obfuscation! This product update combines the release information from Platform 8.17.0 and 8.17.4. Read on to see the full details.

Release status by region:
- CA: Released
- US: Released
- EU: Released
- APAC: Released

New Features

Data Search: New progress bar
The new progress bar indicates completion during the initial loading state of a running query, while no data is available yet. It gives users clear visibility into the status of their queries, so they know that the data is being processed correctly and displayed accurately.

Copy in Field Header Menu
The field header menu in Data Search has a button that copies the distinct values of a field to the clipboard.

"Peek" and "Is in" support net4
Peek (find matching network prefix, `peek`) and Is in (`in`, <-) now support arrays of the net4 data type. Both IPv4 and IPv6 notation can be used.

Improvements

Administration: Role-Based Access Control (RBAC) for tokens
The Administration -> Credentials -> Tokens area is now available to all users. Admin users and those with the "API Credentials" permission will see all tokens in the domain, while other users will only see the tokens they own. The new RBAC functionality ensures that the value of a token is only visible to its owner (the user who created it) and its authorised user.

Key improvements include:
- A new field has been added to the Tokens page that displays the token value.
- Non-admin users without the "API Credentials" permission will only see the tokens they own or are authorised to use.
- The token value is only displayed to its owner (i.e. the user who created it) and its authorised user (i.e. the recipient of the token).
- Users with the "API Credentials" permission who access the details of a token they don't own will see it hashed, with the following structure: tk.<token_hash>.<last_5_characters_of_the_token> (e.g. tk.c1b3b252eee3.7f012).
- The "Token info" window includes the token type.

Learn more in our Documentation.

LINQ unification project update
- JQ operations: JQ operation support is now aligned between the User Interface and the API.
- peek operation: support for arrays of net6 network prefixes.
- `in` operation: support for arrays of net6 network prefixes.

Data Search Event Count
The "Event count" feature now always displays the number of events present in the table.

Administration Roles update
The "Current queries" permission has been removed. Users can now view and manage their running queries from the "Current queries" page by enabling the "Finders" permission. Admin users can view and manage all running queries in the domain.

Internal Audit Logs
In the "Object name" column, the devo.internal.audit.logs table now shows the token name when a token is enabled or disabled, and the certificate name when an X.509 certificate is created or deleted.

Bug Fixes
- Data search: previously, the data search table remained blank when a refinement was added to the query. This has been fixed.
- Tokens: previously, the search field didn't allow searching for tokens by their value. This has been fixed.
- Aggregation tasks: new aggregations with custom fields were failing. This has been fixed.
- Query termination now works better when the client's clock is incorrect.
Parser Catalog Update

The Devo Parser is one of the secret spices of our unique Hyperstream technology. The Parsers organize raw events stored in tags into different columns and display them in the corresponding tables. This method completely bypasses data indexing and contributes to Devo's amazing search speeds. Every data source is unique, so we have a great catalog of existing parsers. Our teams review parser performance, build new parsers and update parsers on a regular basis. This article covers all the updated and new parsers available this month. If you require a new parser, please open a support ticket through the Support Portal. You can also visit the new Resources Portal, a single page for all your customer resources!

Updated Parsers

cloud.azure
Improvements:
- Fixed parsing of the action field to standardize its value: cloud.azure.firewall.network_rule
Added:
- Added new parsers:
  cloud.azure.cache.connectedclientlist
  cloud.azure.contregistry.repositoryevents
  cloud.azure.aadiam.microsoftserviceprincipalsigninlogs
  cloud.azure.activity.administrative
  cloud.azure.activity.policy
  cloud.azure.advisor.recommendation
  cloud.azure.botservice.botrequest
  cloud.azure.machinelearningservices.read_event
  cloud.azure.kusto.command
  cloud.azure.nsp.access_log
  cloud.aws.cloudwatch.eks
  cloud.azure.network.azfwapplicationrule
  cloud.azure.network.azfwdnsquery
  cloud.azure.network.azfwidpssignature
  cloud.azure.network.azfwnatrule
  cloud.azure.network.azfwnetworkrule
  cloud.azure.network.azfwthreatintel
- Updated existing parsers to handle additional fields required for the new log format:
  cloud.azure.sql.securityauditevents
  cloud.azure.keyvault
  cloud.azure.eventhub
  cloud.azure.dbforpostgresql
  cloud.azure.apimanagement.gatewaylogs
  cloud.azure.aks

box.win_snare
Improvements:
- Added new fields: box.win_snare

edr.microsoft_defender
Improvements:
- Added new field: edr.microsoft_defender.endpoint.assessment_software_vulnerabilities
- Updated parsing logic to parse new fields: edr.microsoft_defender.endpoint.machines
- Refined the parser to support new JSON logs: edr.microsoft_defender.advanced_hunting.device_process.events

box.audit
Improvements:
- Updated parser logic to handle double colons (::): box.audit.macos.event

box.unix_snare
Added:
- Added new table: box.unix_snare.audit

my.app
Added:
- Created new table: my.app.equifax_dev.cisco.vpn

cef0.eset
Added:
- Added new table: cef0.eset.protect

waf.f5
Improvements:
- Updated existing parser to handle additional fields required for the new log format (security event): waf.f5.distributed_cloud.events

network.juniper
Improvements:
- Added support for parsing UI_LOGIN_EVENT: network.juniper.junos

box.all.win
Improvements:
- Added 5 new fields to the box.all.win union: failureStatus, callerProcessId, callerProcessName, targetServerName, serviceId
- Updated parser to support the new fields: box.all.win union

box.win_nxlog
Improvements:
- Fixed parsing: used json1of to support Keywords as int or str: box.win_nxlog.dns

cloud.aws
Improvements:
- Updated parser to support four new fields: cloud.aws.rds.audit
- New fields added: cloud.aws.cloudtrail.ssm
Added:
- New parser created: cloud.aws.cloudtrail.q

network.cisco
Improvements:
- Updated parsing logic to parse new fields: network.cisco.switch

firewall.cisco
Improvements:
- Updated parsing logic to parse new fields for certain event IDs: firewall.cisco.asa

db.oracle
Improvements:
- Added JSON parsing support: db.oracle.audit

cef0.fortinet
Added:
- Created new cef0 parsers:
  cef0.fortinet.forticlinetems
  cef0.fortinet.fortigate600f
  cef0.fortinet.fortigate70f
  cef0.fortinet.fortigatevm64ali
  cef0.fortinet.fortigatevm64aws
  cef0.fortinet.fortigatevm64azure
- Added the new cef0.fortinet parsers to the union: cef0.fortinet.fortigateAll

firewall.watchguard
Improvements:
- Refined the parser to support new events and removed redundancy: firewall.watchguard.traffic

kms.obsidian
Added:
- New parser created: kms.obsidian.alerts.default

firewall.paloalto
Improvements:
- Updated parser to support JSON logs as per the new schema: firewall.paloalto.threat

sig.cisco
Improvements:
- Refined the parser to support Umbrella v13 logs: sig.cisco.umbrella.dns, sig.cisco.umbrella.proxy

casb.netskope
Added:
- New parser added to parse v2 of the Netskope platform endpoint: casb.netskope.endpoint

box.win_cloudwatch
Improvements:
- Added versioning to support new logs: box.win_cloudwatch

cef0.cisco
Added:
- Added new cef0 parser for c100v logs: cef0.cisco.c100vSecureEmailGatewayVirtual

firewall.all
Improvements:
- New mappings added: firewall.all.vpn.traffic

box.all
Improvements:
- Added table monitor.dynatrace.api.grail_query to the unions: box.all.unix, box.all.win

cef0.checkPoint
Improvements:
- Added new fields: cef0.checkPoint.systemMonitor

endpoint.vmware
Added:
- Added new tables:
  endpoint.vmware.cbc_event_forwarder.cbAuth
  endpoint.vmware.cbc_event_forwarder.cbWatchlist
  endpoint.vmware.cbc_event_forwarder.cbAlerts

firewall.all
Improvements:
- Added the tables cef0.checkPoint.vpn1Firewall1, cef0.paloAltoNetworks.panOs and cef0.fortinet.fortigateAll to the union: firewall.all.ips

ips.all
Improvements:
- Added the tables cef0.checkPoint.vpn1Firewall1, cef0.paloAltoNetworks.panOs and cef0.fortinet.fortigateAll to the union: ips.all.alerts
Collector Catalog Update

Every month, the integrations team works on new and updated collectors for you, and I collect them all in this Catalog Update. This post contains new and updated collector information as well as links to their respective pages in our Documentation portal. Be advised that some pages in Documentation may not be available at the time of posting but will be added as soon as they are available. To request new collectors or an update to an existing collector, please open a support ticket through the Support Portal. You can also visit the new Resources Portal, a single page for all your customer resources!

Updated Collectors

Azure collector v2.7.0
Changed:
- Removed queue_name validation
- Upgraded the DCSDK to 1.16.4
- Upgraded SDK image base to 1.8.0

Alibaba Cloud Collector v1.8.0
Changed:
- Updated DCSDK version from "1.16.3" to "1.16.4"
- Enabled support for dynamic shard management in log services

Log Injector collector v3.1.1
Changed:
- Reverted the changes to match the old functionality of sending events line by line
- Upgraded the DCSDK to 1.16.4
Fixed:
- Added missing field in user schema

AWS SQS Collector v1.12.0
Changed:
- Updated docker base image from "1.5.1" to "1.8.0"
- Updated DCSDK from "1.16.3" to "1.16.4"
Added:
- Added generic CSV processor

Microsoft Defender ATP Endpoint Collector v3.2.0
Changed:
- The DCSDK Docker base image has been updated from "1.6.0" to "1.8.0"
- Updated Devo collector SDK to 1.16.4
Fixed:
- Fixed start time reset issue in assessment service

Trend Micro Vision One Collector v1.7.0
Changed:
- Updated docker base image from "1.6.0" to "1.8.0"
- Updated devo collector sdk from "1.16.3" to "1.16.4"
Fixed:
- Fixed list index out of range issue when all events are duplicates

Imperva Collector v1.4.0
Changed:
- The DCSDK Docker base image has been updated from "1.7.0" to "1.8.0"
- Updated Devo collector SDK from "1.16.3" to "1.16.4"
Fixed:
- Fixed invalid file content handling

Box API collector v2.3.0
Changed:
- Updated DevoCollectorSDK to version 1.16.4
- Updated docker base image to 1.8.0
Fixed:
- Fixed ingestion stop issue

Atlassian Collector v1.2.0
Changed:
- Updated DCSDK from 1.12.2 to 1.16.4
- Updated Docker image from 1.3.0 to 1.8.0

Fastly Next-Gen WAF collector v1.5.0
Changed:
- Updated DevoCollectorSDK to version 1.16.4
- Updated docker base image to 1.8.0
Fixed:
- Fixed bad request issue
Parser Catalog Update

Updated Parsers

box.win
Improvements:
- Parsed and added the CallerProcessId field: box.win_nxlog.security, box.win_nxlog
- Updated mapping of the logonProc field: box.all.win

edr.eset
Added:
- Added new parsers:
  edr.eset.connect.detections
  edr.eset.connect.incidents
  edr.eset.connect.permissions
  edr.eset.connect.role_assignments

firewall.paloalto
Improvements:
- Updated the parsing logic to support additional fields and multiple time formats: firewall.paloalto.system

waf.owasp
Added:
- Added new parser: waf.owasp.modsecurity.log

network.juniper
Added:
- Added new parser: network.juniper.junos
Collector Catalog Update

Updated Collectors

Alibaba Cloud Collector v1.7.0
Changed:
- The DCSDK Docker base image has been updated from "1.6.0" to "1.8.0"
- Exposed a parameter to configure base64 encoding as true or false for the SMQ service
- Exposed a parameter to configure acknowledge message as true or false for the SMQ service
- Allowed the collector to poll messages even if the credentials do not have get-attribute permissions for the queue

Cloudflare Collector v1.5.0
Changed:
- Updated docker base image to 1.8.0
- Improved 429 error handling to ensure a proper wait time when the API rate limit is reached
Fixed:
- Fixed rate limiting issue

Log Injector collector v3.0.0
Changed:
- Initial template-based implementation
- Upgraded the DCSDK to 1.16.3
- Upgraded SDK image base to 1.8.0
Devo AI Assist Release 1.7.0

Devo AI Assist is an intelligent assistant that enables you to interact with the Devo platform using natural language. Instead of learning complex query syntax or navigating through multiple screens, simply describe what you want to accomplish, and Devo AI Assist will execute the appropriate actions for you. In Release 1.7.0, we've introduced new query samples and rules to build cleaner queries, added instructions to identify alerts by ID, and added new alert samples from our best designers to build better alerts! Devo AI Assist is now generally available; talk to your CSM or Devo contact to deploy it in your environment.

Change Log for AI Assist prompt

General guardrails introduced
Devo AI Assist has a few limitations, and these have been made explicit in the prompt so that it alerts you when you run into them:
- 7-day lookback
- If a table is not found or has no data, do not use sample data
- If you fail to find a table twice in a row, check for session expiration

Query improvements
- Expanded the sample library of query code, imported from Devo Exchange sample queries, to boost query creation capabilities.
- Defined all the all_tables it can use to start investigations, so that a single table gathering from all sources is used, conserving tokens and API calls.

Alert improvements
- Guardrails introduced:
  - Get user permission before using the create or edit alert tools
  - Explicitly search for an existing alert before using the create alert tool
- Added instructions to search for an alert by ID
- Added a collection of alerts created by our experts as samples to boost alert creation capabilities.

Clean up
- Corrected any old tool names to current tool names.
- Removed SOAR and Case Management personas and instructions. A new strategy for these additional features will be implemented in a future release.
Parser Catalog Update

Updated Parsers

mdm.kandji
Added:
- Added new table: mdm.kandji.audit.event

box.win-fluentbit
Added:
- Added new table: box.winFluentbit.security.log

mail.egress
Added:
- Added new tables:
  mail.egress.defend.inbound_event
  mail.egress.defend.linkclick_event
  mail.egress.defend.response_event
  mail.egress.defend.phish_reported_event

auth.all
Improvements:
- Updated mapping for the source_ip and srcIp fields of the auth.all union table
- Updated parsing of auth.ping.id.mfa for extraction of resource fields:
  auth.ping.id.mfa
  cloud.azure.ad.signin.all
  auth.cisco.ise
  network.citrix.adc.sslvpn

cloud.azure
Improvements:
- Updated the parsing logic to handle cases where the 'level' field was null by introducing a new field 'level_str' that parses 'level' as a string: cloud.azure.ad.risky_users

network.cisco
Improvements:
- Updated parsing logic by versioning to parse fields that were coming back null: network.cisco, network.cisco.router, network.cisco.wlc

ftp.crushftp
Fixed:
- Fixed parsing logic for the cases where serverdate was not being passed correctly: ftp.crushftp.event

web.iis
Improvements:
- Updated parsing logic by versioning to support the Microsoft v8.5 log structure: web.iis.accessW3c, web.iis.accessW3cAll

cloud.azure
Improvements:
- Updated parsing logic to support properties object fields
- Fixed properties__timestamp parsing by adding properties__timestamp_str and applying conditional date parsing based on string length
Added:
- Added new parser cloud.azure.functionapp.log:
  cloud.azure.appservice.http
  cloud.azure.ah.alert_info
  cloud.azure.functionapp.log

edr.microsoft_defender
Improvements:
- Added new fields: edr.microsoft_defender.endpoint.alerts

cloud.aws
Added:
- Added new table: cloud.aws.cloudtrail.devops_guru

box.win_nxlog
Added:
- Added new table: box.win_nxlog.nps

firewall.paloalto
Improvements:
- Added new fields: firewall.paloalto.audit

box.as400_powertech
Added:
- Added new table: box.as400_powertech.logagent.event

cims.equifax
Added:
- Added new table: cims.equifax.eport.event
Collector Catalog Update

Updated Collectors

Tencent Cloud Collector v1.6.0
Changed:
- The DCSDK Docker base image has been updated from "1.5.1" to "1.6.0"
- The DevoCollectorSDK Python package (devo-collector-sdk) has been updated from "1.16.2" to "1.16.3"
- Improved Tencent log fetcher logic to reduce delay

Crowdstrike API Resources v1.15.0
Improvements:
- Added 4 new services: cloud_assets, compliance_assessments, iom_events, ioa_events
- The DCSDK Docker base image has been updated from "1.5.1" to "1.6.0"

Alibaba Cloud Collector v1.6.0
Changed:
- The DCSDK Docker base image has been updated from "1.5.1" to "1.6.0"
- Allowed parallel log pulling from different shards to reduce delay

TenableIO collector v2.3.0
Changed:
- The DevoCollectorSDK Python package (devo-collector-sdk) has been updated to "1.16.3"
- Upgraded SDK image base to 1.6.0
Fixed:
- Fixed issue with audit_log service (OOM kill issue)

Trend Micro Vision Collector v1.6.0
Changed:
- Refactored codebase to follow the Devo collector SDK template
Fixed:
- Fixed duplicate event ingestion issue

Netskope v2api Collector v2.2.0
Improvements:
- The DCSDK Docker base image has been updated from "1.5.1" to "1.6.0"
- The DevoCollectorSDK Python package (devo-collector-sdk) has been updated from "1.16.2" to "1.16.3"
Added:
- Added new service event_endpoint to fetch /event/endpoint logs

Microsoft Office365 Management Collector v2.8.0
Changed:
- The DCSDK Docker base image has been updated from "1.5.1" to "1.6.0"
- The DevoCollectorSDK Python package (devo-collector-sdk) has been updated from "1.16.2" to "1.16.3"
Fixed:
- Fixed None to DateTime comparison issue

Okta Auth0 Collector v2.0.1
Fixed:
- Fixed access token refresh issue

Microsoft Graph Collector v3.3.0
Changed:
- The DevoCollectorSDK Python package (devo-collector-sdk) has been updated to "1.16.3"
- Upgraded SDK image base to 1.6.0
Fixed:
- Fixed duplicate issue

Jumpcloud Collector v1.4.0
Changed:
- Updated devo collector sdk to 1.16.3
- Updated docker base image to 1.6.0
Fixed:
- Fixed start time key in collector puller
- Fixed persistence reset logic if no start time is provided

Salesforce collector v3.6.0
Changed:
- The DCSDK Docker base image has been updated from "1.5.1" to "1.6.0"
Fixed:
- Fixed error message in case of invalid credentials

CyberArk Identity collector v1.5.1
Fixed:
- Fixed read timeout issue

Imperva Collector v1.3.0
Changed:
- The DCSDK Docker base image has been updated from "1.5.1" to "1.7.0"
Fixed:
- Added request timeout to resolve unresponsive puller thread issue
Parser Catalog Update

Updated Parsers

cloud.alibaba
Improvements:
- Updated parsing logic to parse new fields: cloud.alibaba.log_service.access_log

firewall.cisco
Fixed:
- Fixed parser to support logs for certain event IDs: firewall.cisco.ftd

cloud.gsuite
Added:
- Created vault_audit table for Google Workspace Vault audit logs: cloud.gsuite.reports.vault_audit

cef0.checkPoint
Improvements:
- Updated parsing logic to parse new fields: cef0.checkPoint.threatEmulation, cef0.checkPoint.smartdefenseAndVpn1Firewall1

mim.venafi
Added:
- Added new table: mim.venafi.tlsprotectcloud.activitylogs

mail.mimecast
Improvements:
- Updated parsing logic to parse new fields: mail.mimecast.audit.events

box.win_winlogbeat
Added:
- Added new table: box.win_winlogbeat.dfs

iam.cyberark
Added:
- Added new table: iam.cyberark.identity.audit
Collector Catalog Update

Updated Collectors

Forcepoint SWG Collector v2.1.0
Changed:
- The DevoCollectorSDK Python package (devo-collector-sdk) has been updated from "1.16.2" to "1.16.3"
Fixed:
- Updated datetime_key in the swgweb service to fix delay in events
- Allowed overriding datetime_key and id_key from user config

Microsoft Defender ATP Endpoint Collector v2.3.0
Changed:
- Refactored the code to use the SDK Template1CollectorPuller
- Refactored all the puller logic
- Updated the persistence logic and added a new param in the persistence to avoid duplicates
- Added unit tests
- Updated docker base image to 1.6.0

Cortex XDR Collector v2.3.0
Improvements:
- The DevoCollectorSDK Python package (devo-collector-sdk) has been updated to "1.16.3"
- Upgraded the docker base image to 1.6.0
Fixed:
- Added timeout in the requests call to fix the unresponsive API issue

Google Workspace Reports Collector v1.13.0
Changed:
- Updated docker base image to 1.6.0
Added:
- Added a new service with application_name: vault for Google Vault audit logs

BigID Collector v1.3.0
Changed:
- Updated the Docker base image to 1.6.0
Fixed:
- Fixed token expiration validation to properly check whether 24 hours (86400 seconds) have elapsed since token creation

SOCRadar Collector v2.0.0
Improvements:
- Refactored the code to use Template1CollectorPuller
- Upgraded Docker base image to 1.6.0
- Added unit tests and a user_guide
- Upgraded DCSDK to 1.16.3

Abnormal Security Collector v2.2.0
Changed:
- The DCSDK Docker base image has been updated to "1.6.0"
- Upgraded the DCSDK to v1.16.3
- Changed initial_start_time_in_utc to an optional field

Microsoft Defender ATP Endpoint Collector v3.1.0
Changed:
- Added a migration guide because of persistence incompatibility
Fixed:
- Fixed the issue with the advanced hunting service
- Fixed the issue with the GCC High environment
- Fixed missing issue with the alerts service

Okta Collector v2.0.0
Changed:
- Refactored the code to use the latest DCSDK 1.16.3
- Upgraded persistence to use initial_log_id to avoid duplicates

Menlo Security Collector v1.5.0
Changed:
- Refactored the code to use the latest DCSDK 1.16.3
Added:
- Fixed the bug for start dates more than 30 days old

Radware CWAF Collector v1.1.0
Changed:
- Refactored the code to use the latest DCSDK 1.16.3
Fixed:
- Fixed the persistence update issue after each API call
- Added optional param to handle the waiting period on API failure

Trend Micro Vision One Collector v1.5.2
Changed:
- Refactored the code to use the latest DCSDK 1.16.3
Added:
- Fixed collector persistence issue when the collector is paused for more than 5 days

Trellix ePO Collector v1.3.0
Changed:
- Updated DevoCollectorSDK to version 1.16.3
- Updated docker base image to 1.6.0
Fixed:
- Override url issue

Airlock Digital Collector v1.1.0
Changed:
- The DCSDK Docker base image has been updated from "1.2.0" to "1.6.0"
- The DevoCollectorSDK Python package (devo-collector-sdk) has been updated from "1.11.1" to "1.16.3"
Added:
- Added admin_logs service

CyberArk Identity Collector v1.5.0
Changed:
- Upgraded SDK image base to 1.6.0
Added:
- Added new service siem_audit_events
- Added group-based pulling mechanism

SailPoint IdentityNow Collector v1.5.0
Changed:
- The DevoCollectorSDK Python package (devo-collector-sdk) has been updated to "1.16.3"
- Upgraded SDK image base to 1.6.0
Fixed:
- Fixed invalid token issue by handling token expiry time
Parser Catalog Update

Updated Parsers

firewall.barracuda
Improvements:
- Added a new field
- Updated the parser logic to extract destination_host from raw logs where it appears after the destination_port field: firewall.barracuda.threat

iam.imprivata
Improvements:
- Reassessed and updated the iam.imprivata.events parser to handle additional event types: iam.imprivata.events

oem.gitlab
Added:
- Added new fields: oem.gitlab.railslog

box.win_nxlog
Fixed:
- Fixed an issue causing some fields to return null: box.win_nxlog.dns

cloud.aws
Improvements:
- Updated field type: cloud.aws.guardduty.findings

edr.cybereason
Improvements:
- Updated table to parse JSON: edr.cybereason

edr.crowdstrike
Fixed:
- Fixed a field that was not parsing: edr.crowdstrike.falconstreaming.detection_summary

bps.markmonitor
Improvements:
- Updated the bps.markmonitor.domain_management.domain parser to be compatible with new logs: bps.markmonitor.domain_management.domain

network.hp
Improvements:
- Added 15 new 4th-level tables
- Made the 3rd-level network.hp.switch parser compatible with processing certain logs:
  network.hp.switch.activate
  network.hp.switch.event_802_1x
  network.hp.switch.dhcp_snoop
  network.hp.switch.captive_portal
  network.hp.switch.crypto
  network.hp.switch.idm
  network.hp.switch.ntp
  network.hp.switch.oobm
  network.hp.switch.snmp
  network.hp.switch.ssl
  network.hp.switch.stacking
  network.hp.switch.srcip
  network.hp.switch.intfd
  network.hp.switch.lldpd
  network.hp.switch.portAccessd

firewall.watchguard
Improvements:
- Added support for DHCPACK events: firewall.watchguard.event

adn.f5
Fixed:
- Fixed parser to support logs for certain event IDs: adn.f5.bigip.apm

firewall.all
Improvements:
- Added the firewall.barracuda.audit table to firewall.all.traffic and firewall.all.webfilter
- Added the firewall.barracuda.threat table to firewall.all.ips and firewall.all.virus

auth.ping
Improvements:
- Updated parsing logic to parse new fields: auth.ping.federate.security_audit

firewall.checkpoint
Improvements:
- Updated parsing logic to include a new field, criticality: firewall.checkpoint.log_exporter

Created Parsers

auth.okta
Created:
- Created new parser: auth.okta.devices

iam.openldap
Created:
- New table added: iam.openldap.slapd

box.win_nxlog
Created:
- Added new tables:
  box.win_nxlog.devicesetupmanager
  box.win_nxlog.taskscheduler
  box.win_nxlog.wmiactivity

mail.preveil
Created:
- New table added: mail.preveil.siemconnector.event

storage.hpe
Created:
- Added new table: storage.hpe.msa.events
Every month, the integrations team works on new and updated collectors for you, and I collect them all in this Catalog Update. This post contains new and updated collector information as well as links to their respective pages in our Documentation portal. Be advised that some pages in Documentation may not be available at the time of posting but will be added as soon as they are available. To request new collectors or an update to an existing collector, please open a support ticket through the Support Portal. You can also visit the new Resources Portal, a single page for all your customer resources!

Updated Collectors

Alibaba Cloud Collector v1.5.0
Changed
  The DCSDK Docker base image has been updated from "1.4.1" to "1.5.1"
  The DevoCollectorSDK Python package (devo-collector-sdk) has been updated from "1.15.0" to "1.16.3"
Fixed
  Added exception handling to handle logs with invalid JSON format

Mulesoft Collector v1.2.0
Changed
  The DCSDK Docker base image has been updated from "1.3.1" to "1.5.1"
  The DevoCollectorSDK Python package (devo-collector-sdk) has been updated from "1.13.1" to "1.16.3"
Fixed
  Fixed initial_lookback_period pattern in schema

Azure Collector v1.2.0
Improvements
  Filter for invalid queue name
  New rules for cloud.azure.appservice.http
  New rules for cloud.azure.firewall for AZFW categories
  Upgraded the DCSDK to 1.16.2
  Upgraded SDK image base to 1.5.1

Recorded Future Collector v1.7.0
Changed
  The DevoCollectorSDK Python package (devo-collector-sdk) has been updated from "1.16.2" to "1.16.3"

AWS Collector v1.14.1
Improvements
  Upgraded the DCSDK to 1.16.3
Bug Fix
  Fixed variable initialization on S3 generic puller

Workday Collector v1.4.0
Improvements
  Upgraded the DCSDK to 1.16.3

Trend Micro Deep Security Collector v1.6.0
Changed
  The DevoCollectorSDK Python package (devo-collector-sdk) has been updated from "1.16.2" to "1.16.3"
  Relaxed persistence.json file for backward compatibility
Fixed
  Session management issue during authentication

Cisco Umbrella Collector v1.6.0
Changed
  The DevoCollectorSDK Python package (devo-collector-sdk) has been updated from "1.16.2" to "1.16.3"
Fixed
  Fixed the bug related to start_time params in the setup class

OneLogin Collector v1.4.0
Changed
  The DCSDK Docker base image has been updated from "1.3.0" to "1.5.1"
  The DevoCollectorSDK Python package (devo-collector-sdk) has been updated from "1.12.4" to "1.16.3"
Fixed
  Fixed start_time_regex not present error
  Fixed data_with_proper_sort KeyError for privileges service

SentinelOne Collector v2.0.0
Changed
  The DCSDK Docker base image has been updated from "1.4.1" to "1.5.1"
  The DevoCollectorSDK Python package (devo-collector-sdk) has been updated from "1.15.0" to "1.16.3"
  Updated request limits format in config
Added
  Exposed an optional field to override page size

Cloudflare Collector v1.4.0
Improvements
  The DCSDK Docker base image has been updated from "1.4.1" to "1.5.1"
  The DevoCollectorSDK Python package (devo-collector-sdk) has been updated from "1.15.0" to "1.16.3"
  Added Cloudflare logo

Sophos Central Collector v3.0.0
Changed
  The DevoCollectorSDK Python package (devo-collector-sdk) has been updated from "1.16.2" to "1.16.3"
Added
  New data source to fetch endpoint details
  Added multi-tenancy support for Sophos partner accounts

SAP Cloud Audit Collector v2.0.0
Changed
  The DCSDK Docker base image has been updated from "1.3.0" to "1.5.1"
  The DevoCollectorSDK Python package (devo-collector-sdk) has been updated from "1.12.4" to "1.16.3"

CrowdStrike API Resources Collector v1.14.0
Improvements
  The DCSDK Docker base image has been updated from "1.4.1" to "1.5.1"
  The DevoCollectorSDK Python package (devo-collector-sdk) has been updated from "1.15.0" to "1.16.3"
Bug Fixes
  Stops the puller when receiving a SIGTERM

Imperva Collector v1.2.0
Improvements
  Upgraded the DCSDK to v1.16.3
  Upgraded docker base image to 1.5.1

Salesforce Collector v3.5.1
Fixed
  Resolved partial data fetch in User service

Cybereason Collector v1.7.0
Changed
  The DevoCollectorSDK Python package (devo-collector-sdk) has been updated from "1.16.2" to "1.16.3"
Fixed
  Fixed a bug related to the start time for the malop service

Office 365 Exchange Reports Collector v1.3.0
Changed
  The DevoCollectorSDK Python package (devo-collector-sdk) has been updated from "1.16.2" to "1.16.3"
Fixed
  Removed unused service

CyberArk Identity Collector v1.4.0
Improvements
  The DCSDK Docker base image has been updated from "1.4.1" to "1.5.1"
  The DevoCollectorSDK Python package (devo-collector-sdk) has been updated from "1.15.0" to "1.16.3"
  Improved the way it handles signals such as SIGTERM

Google Workspace Reports Collector v1.12.0
Changed
  Added a new service with application_name: chrome
  The DCSDK Docker base image has been updated from "1.4.1" to "1.5.1"
  The DevoCollectorSDK Python package (devo-collector-sdk) has been updated from "1.15.0" to "1.16.3"
Fixes
  Fixed the bug related to 'start_time' in the persistence

Cisco Meraki Collector v2.2.0
Improvements
  Upgraded the DCSDK to 1.16.3
Fixed
  Handled service start_time default issue
  Updated the config obfuscation to handle the API key
  Refactored the code as per the latest template

Google Workspace Alerts Collector v1.11.0
Changed
  The DCSDK Docker base image has been updated from "1.5.0" to "1.5.1"
  Upgraded the DCSDK to v1.16.3
Fixed
  Removed Id regex

Spidersilk Collector v1.1.0
Changed
  Added a new service darkweb_credential
  Added updated_since param in the config
  Upgraded the SDK to 1.16.3

Symantec Security Cloud Collector v1.1.0
Changed
  The DCSDK Docker base image has been updated from "1.5.0" to "1.5.1"
  Upgraded the DCSDK to v1.16.3
Fixed
  Fixed delay issue

TAXII Collector v2.0.0
Changed
  The DCSDK Docker base image has been updated from "1.2.0" to "1.5.1"
  The DevoCollectorSDK Python package (devo-collector-sdk) has been updated from "1.11.1" to "1.16.3"
Fixed
  Fixed error while handling empty response on TAXII 2.1
  Fixed error while handling pagination on TAXII 2.1

AlienVault OTX Collector v2.0.0
Changed
  Upgraded DCSDK from 1.9.1 to 1.16.3
  Upgraded Docker base image to 1.5.1
  Refactored codebase to follow standard collector template
Fixed
  Fixed credentials obfuscation invalid key error

Okta Collector v2.2.0
Changed
  The DCSDK Docker base image has been updated from "1.4.1" to "1.5.1"
  The DevoCollectorSDK Python package (devo-collector-sdk) has been updated from "1.15.0" to "1.16.3"
Updated Parsers

network.citrix
Fixes
  Added a fix to parse user info from the logs.
  Tables: network.citrix.adc.aaatm, network.citrix.adc.aaa

auth.all
Improvements
  Updated mappings in the auth.all union.

firewall.barracuda
Fixes
  Fixed a parsing issue causing log data to be parsed into the wrong fields.
  Tables: firewall.barracuda.threat

cloud.office365
Added
  Added new field.
  Tables: cloud.office365.management.quarantine

firewall.cisco
Improvements
  Updated parsing rules to parse new log types.
  Tables: firewall.cisco.asa

firewall.sophos
Improvements
  Added new fields to the firewall.all.traffic union and fixed rules in firewall.sophos.xgfirewall.firewall to parse tran_src_port and tran_dst_port.
  Tables: firewall.sophos.xgfirewall.firewall, firewall.all.traffic

firewall.watchguard
Improvements
  Added and fixed rules to parse newer types of logs.
  Tables: firewall.watchguard.event

adn.f5
Improvements
  Added rules to parse newer types of logs.
  Tables: adn.f5.bigip.apm
Updated Collectors

Devo Collector Thinkst Canary v1.3.0
Improvements
  The DCSDK Docker base image has been updated from "1.3.1" to "1.5.0"
  The DevoCollectorSDK Python package (devo-collector-sdk) has been updated from "1.13.1" to "1.16.2"

ServiceNow API Collector v2.2.0
Improvements
  Updated DCSDK to 1.16.2
  Updated docker base image to 1.5.1

Trend Micro Vision One Collector v1.5.1
Improvements
  Updated DCSDK to 1.16.2
  Updated docker base image to 1.5.1
Bug Fixes
  Fixed collector restart issue caused by the start time restriction

Cortex XDR Collector v2.2.0
Improvements
  Updated DCSDK to 1.16.2
  Updated docker base image to 1.5.1

Fastly Next-Gen WAF Collector v1.4.0
Improvements
  Updated DCSDK to 1.16.2
  Updated docker base image to 1.5.1

Malwarebytes Nebula Collector v1.2.0
Improvements
  Updated DCSDK to 1.16.2
  Updated docker base image to 1.5.1

Cisco Meraki Collector v2.1.0
Improvements
  The DCSDK Docker base image has been updated to "1.5.1"
  The DevoCollectorSDK Python package (devo-collector-sdk) has been updated to "1.16.2"

Tencent Collector v1.5.0
Improvements
  The DCSDK Docker base image has been updated to "1.5.1"
  The DevoCollectorSDK Python package (devo-collector-sdk) has been updated to "1.16.2"
Bug Fixes
  Fix in Tencent log fetcher to handle multiple time formats

Box Collector v2.2.0
Improvements
  The DCSDK Docker base image has been updated to "1.5.1"
  The DevoCollectorSDK Python package (devo-collector-sdk) has been updated to "1.16.2"

Trellix Epo Collector v1.2.0
Improvements
  The DCSDK Docker base image has been updated to "1.5.1"
  The DevoCollectorSDK Python package (devo-collector-sdk) has been updated to "1.16.2"

AWS Collector v1.14.0
Improvements
  Updated DCSDK to 1.16.2
  Updated docker base image to 1.5.1

Sophos Central Collector v2.2.0
Improvements
  The DCSDK Docker base image has been updated from "1.5.0" to "1.5.1"
  The DevoCollectorSDK Python package (devo-collector-sdk) has been updated from "1.16.1" to "1.16.2"

Salesforce Collector v3.5.0
Improvements
  The DCSDK Docker base image has been updated from "1.5.0" to "1.5.1"
  The DevoCollectorSDK Python package (devo-collector-sdk) has been updated from "1.16.1" to "1.16.3"
Fixes
  Fetched complete user list in User service to ensure full data ingestion
  Handled Interval field parsing in EventLogFile service

AWS SQS Collector v1.11.0
Improvements
  The DCSDK Docker base image has been updated from "1.5.0" to "1.5.1"
  The DevoCollectorSDK Python package (devo-collector-sdk) has been updated from "1.16.2" to "1.16.3"
Bug Fixes
  Fixed TypeError issue in setup

Office 365 Exchange Reports Collector v1.2.0
Improvements
  The DCSDK Docker base image has been updated from "1.5.0" to "1.5.1"
  The DevoCollectorSDK Python package (devo-collector-sdk) has been updated from "1.16.1" to "1.16.2"

ExtraHop Revealx Collector v1.4.0
Improvements
  The DCSDK Docker base image has been updated from "1.5.0" to "1.5.1"
  The DevoCollectorSDK Python package (devo-collector-sdk) has been updated from "1.16.1" to "1.16.2"

Cybereason Collector v1.6.0
Improvements
  The DCSDK Docker base image has been updated from "1.5.0" to "1.5.1"
  The DevoCollectorSDK Python package (devo-collector-sdk) has been updated from "1.16.1" to "1.16.2"

Cylance Collector v1.4.0
Improvements
  The DCSDK Docker base image has been updated from "1.5.0" to "1.5.1"
  The DevoCollectorSDK Python package (devo-collector-sdk) has been updated from "1.16.1" to "1.16.2"
Bug Fixes
  Fixed time format in URL for threats and detections services

Prisma Cloud Logs Collector v2.1.0
Improvements
  The DCSDK Docker base image has been updated from "1.3.1" to "1.5.1"
  The DevoCollectorSDK Python package (devo-collector-sdk) has been updated from "1.13.1" to "1.16.2"

Mimecast Collector v2.4.0
Improvements
  The DCSDK Docker base image has been updated from "1.3.1" to "1.5.1"
  The DevoCollectorSDK Python package (devo-collector-sdk) has been updated from "1.13.1" to "1.16.2"
Fixes
  Fixed the auth token API 429 errors

Darktrace Collector v1.2.0
Improvements
  The DCSDK Docker base image has been updated from "1.3.1" to "1.5.1"
  The DevoCollectorSDK Python package (devo-collector-sdk) has been updated from "1.13.1" to "1.16.2"

Netskope V2 Collector v2.1.0
Improvements
  The DCSDK Docker base image has been updated from "1.3.1" to "1.5.1"
  The DevoCollectorSDK Python package (devo-collector-sdk) has been updated from "1.13.1" to "1.16.2"

Microsoft Github Collector v3.1.0
Improvements
  The DCSDK Docker base image has been updated from "1.2.0" to "1.5.1"
  The DevoCollectorSDK Python package (devo-collector-sdk) has been updated from "1.12.1" to "1.16.2"

Cisco Umbrella Collector v1.5.0
Improvements
  The DCSDK Docker base image has been updated from "1.3.1" to "1.5.1"
  The DevoCollectorSDK Python package (devo-collector-sdk) has been updated from "1.12.4" to "1.16.2"

TenableIO Collector v2.2.0
Improvements
  Upgraded the DCSDK to 1.16.2
  Upgraded SDK image base to 1.5.1
Bug Fixes
  Fixed wrong parameter issue with the was_vulnerabilities service

Recorded Future Collector v1.6.0
Improvements
  The DCSDK Docker base image has been updated from "1.3.1" to "1.5.1"
  The DevoCollectorSDK Python package (devo-collector-sdk) has been updated from "1.12.4" to "1.16.2"

Duo Collector v2.2.1
Improvements
  The DCSDK Docker base image has been updated from "1.3.1" to "1.5.1"
  The DevoCollectorSDK Python package (devo-collector-sdk) has been updated from "1.13.1" to "1.16.2"
Fixes
  Fix for index out of range error
  Fix for variable referenced before assignment

Microsoft Defender Cloud Apps Collector v1.5.0
Improvements
  The DCSDK Docker base image has been updated from "1.3.1" to "1.5.1"
  The DevoCollectorSDK Python package (devo-collector-sdk) has been updated from "1.13.1" to "1.16.2"
  Updated default request_period_in_seconds value to 21600 for snapshot type services
Fixes
  Fixed duplicate file fetching issue by saving modifiedDate in persistence

Microsoft Office365 Management Collector v2.7.0
Improvements
  Upgraded the DCSDK to 1.16.2
  Upgraded SDK image base to 1.5.1
Fixes
  Fixed "ZoneInfo keys may not be absolute paths" error

Forcepoint SWG Collector v2.0.0
Improvements
  Upgraded DCSDK from "1.12.2" to "1.16.2"
  Upgraded docker base image from "1.3.0" to "1.5.1"
Fixes
  Resolved the 429 error due to the API limit by introducing an autoconfig parameter in the config

Qualys Collector v2.4.0
Improvements
  Upgraded DCSDK from "1.12.2" to "1.16.2"
  Upgraded docker base image from "1.3.0" to "1.5.1"
Fixes
  Fixed dependency issue

Abnormal Security Collector v2.1.0
Improvements
  Refactored entire codebase to use templates
  Replaced non-paginated APIs with paginated APIs
  Upgraded DCSDK to 1.16.2
  The DCSDK Docker base image has been updated to "1.5.1"
Fixes
  Fixed the issue of offset exceeding 10000, handling the 400 error
  Added error handling to ignore events with 5** errors for the /threat/{id} and /cases/{id} APIs
Added
  Added new audit service for audit logs collection
  Added new table for audit logs: mail.abnormalsecurity.audit

VMware Carbon Black Cloud Collector v2.0.0
Improvements
  Upgraded DCSDK to "1.16.2"
  Upgraded docker to "1.5.1"
Fixes
  Fixed 403 forbidden issue

OCI OSS Collector v2.1.0
Improvements
  The DCSDK Docker base image has been updated to "1.5.0"
  The DevoCollectorSDK Python package (devo-collector-sdk) has been updated to "1.13.1"
Fixes
  Added a cursor regeneration mechanism on expiration of the cursor
  Updated the error code of various pull errors

Microsoft Defender ATP Endpoint Collector v2.2.1
Improvements
  The DCSDK Docker base image has been updated to "1.5.1"
  The DevoCollectorSDK Python package (devo-collector-sdk) has been updated to "1.16.2"
Fixes
  Fixed the unknown URL bug in the assessments service
  Decreased the number of requests to handle the 429 issue

Lark Collector v1.4.0
Improvements
  The DCSDK Docker base image has been updated to "1.5.1"
  The DevoCollectorSDK Python package (devo-collector-sdk) has been updated to "1.16.2"
Fixes
  Added new filter in audit logs of user type

Snowflake Collector v4.2.0
Improvements
  Upgraded the DCSDK to 1.16.3
  Upgraded SDK image base to 1.5.1
  Made private_key_pwd field optional
Fixes
  Fixed custom service issue

Trend Micro Apex Central Collector v2.0.0
Improvements
  Upgraded the DCSDK to 1.16.2
  Upgraded SDK image base to 1.5.1

Trend Micro Deepsec Collector v1.5.0
Improvements
  Upgraded the DCSDK to 1.16.2
  Upgraded SDK image base to 1.5.1

Flashpoint Intelligence Collector v1.3.0
Improvements
  The DCSDK Docker base image has been updated from "1.3.0" to "1.5.1"
  The DevoCollectorSDK Python package (devo-collector-sdk) has been updated from "1.12.2" to "1.16.3"

Big ID Collector v1.2.0
Improvements
  Upgraded the DCSDK to 1.16.3
  Upgraded the docker base image to 1.5.1
Fixes
  Fixed the 500 error code by requesting data in batches
Team Devo is happy to present Devo Platform 8.16.17, which introduces some amazing and impactful capabilities. For MSSPs, a giant step forward with the Shared Alerts feature. MSSPs can now share Parent Domain alerts across their tenant domains, individually or in bulk. This not only simplifies enabling new clients, but now clients can see all the protection provided by the MSSP! Workflow-wise, we have improved alert management with editable Post Alert Filtering, organized Common lookups in a new tab, and released the new Funnel Widget for Activeboards. Rounding off this release with a collection of improvements and bug fixes, make sure you jump right in!

Release Geos

Region   Status
CA       Released
US       Released
EU       Released
APAC     Released

New Features

Shared Alerts feature for MSSPs
Quite possibly one of the biggest updates to the Devo Platform: MSSPs can now share Alerts from the Parent Domain to the Child domains. This means that it will be much easier for customers to see value, as they will be able to see the threats the MSSP has resolved for them!
This feature introduces the following capabilities:
  Root Domain Alert Sharing: Alert rules installed in the root domain can now be optionally shared with tenant domains.
  Configurable Sharing: Choose which alerts to share or keep alerts private from tenant domains.
  Rule Management: Share your alerts individually or in bulk through the Alerts -> Rules tab. (API functionality coming soon)
  Shared Auditing: Shared/Unshared actions are logged in the devo.audit.alert.definition table.
Learn more in our documentation.

Edit Post Alert Filters
This new capability allows you to edit post filters after they have been created, giving you more flexibility and control when managing your alerts. When you are managing multiple hundreds of alerts at a time, this flexibility is a key win!
The following elements can be edited:
  Name
  Condition
  Action

Common Lookups
Under the Administration section, then Data Management, you will see we have divided the Lookups tab between Domain Lookups and Common Lookups.
The new Common Lookups section contains lookups that have been provided by Devo, like Mispindicator, and those shared with a domain from the parent domain.
Common Lookups are restricted in the tenant domain as follows:
  Does not display lookup type
  Does not display status
  Does not display if it is a shared lookup
  Disabled download in CSV
  Disabled edit function
  Disabled updating function
  Disabled share function
  Disabled Delete function
  Disabled Go to query function

Activeboards: New Chart: Funnel
A new widget, the Funnel Chart, will be available in Activeboards.
A Funnel Chart is a type of chart used to represent data in stages, showing the progressive reduction of data as it moves through a process. This is particularly useful for visualizing conversion rates, identifying bottlenecks, and optimizing processes in areas such as sales, marketing, and user engagement.

Improvements

Relays and ELB section renamed to Ingestion
The section “Relays and ELB” will be renamed to “Ingestion”. This change is also reflected in the Roles section.

Alerts: Alert and Rule name column width increased
This change will ensure most names are fully visible without needing to hover over the element.

Two new Statuses for Triggered Alerts
True Positive and Under Investigation statuses have been added to the Triggered Alerts page for triage actions.

Bug Fixes
  Fixed Usage Analytics average daily ingestion
  Fixed Activeboard find-widget not adapting to dark mode
  Fixed find words component after resize
  PDF Reports vulnerabilities up to date
  Fixed bulk comment window in Alert Triggered View
  Fixed copy alert names from Alert Triggered View
The Devo Collector team is happy to present the latest release of the Cloud Collector. Release 1.5.0 introduces significant enhancements to the Cloud Collector vertical application that provide greater visibility and control over your collector infrastructure. This release introduces unified viewing capabilities for both self-service and legacy collectors within a single interface. Now you can manage your full collector inventory, manage and plan migrations of old collectors into the new infrastructure, and directly operate your ingestion architecture. Review your collectors with the Cloud Collector app, and if you still have older collectors, plan those migrations!

Geo Availability

Region   Status
CA       Released
US       Released
EU       Released
APAC     Released

New Features

Enhanced Collector Visibility
Unified Collector View
  View all your collectors in one centralized location
  Browse your existing legacy collectors directly within the application
For Legacy Collectors
  Current State: View-only access
  Post-Upgrade: Self-service capabilities are automatically enabled when upgraded
  Clear visual indicators distinguishing legacy from self-service collectors

Important Notes

Legacy Collector Functionality
  Legacy collectors currently appear in read-only mode
  Management actions (start/stop/configure) are not available until upgrade completion
Upgrade Path
  When legacy collectors are upgraded, they automatically inherit full self-service functionality
  Upgraded collectors seamlessly integrate with existing self-service workflows

Benefits

Improved Operational Visibility
  Single pane of glass for all collector infrastructure
  Comprehensive view of both current and legacy environments
  Enhanced capabilities for infrastructure modernization
Streamlined Migration Planning
  Clear visibility into legacy collector inventory

Getting Started
  1. Log into your Cloud Collector application
  2. Navigate to the main collectors dashboard
  3. View your complete collector inventory with clear type indicators
  4. Use filtering options to focus on specific collector categories
  5. Plan your legacy collector upgrades using the new visibility tools

Support
For questions about this release or assistance with legacy collector upgrades, please contact our support team or refer to the updated documentation in the Help section.
The Devo Security Alerts team has published OOTB Alerts Release 36! This release delivers improvements to 577 Out-of-the-Box (OOTB) alerts, representing the entire OOTB alert catalog available to you from Devo Exchange. Release 36 focuses on 3 themes: optimized query performance, integration of device data, and restructuring of mm2 operations to use the new functions. These updates provide more precise, faster, and actionable alerting, improving your overall security posture. To access this content, Devo Exchange has added easy-to-navigate notifications when updates to your installed alerts are available.

Changes included in this update:
  Rewritten Lookups & Optimized Queries: All 577 OOTB alerts now feature re-engineered lookup operations and optimized query performance (filtering before grouping).
  Integrated Device Data: Comprehensive device data is now included in all OOTB alerts, providing richer context for quicker and more effective investigation.
  Refactored mm2 Operations: The mm2 operations have been restructured to the new operations released by the development team.
Sample of Alerts updated, by Class

Class           Alerts
Authentication  SecOpsAuthPasswordSprayHost
                SecOpsAuthPasswordSprayIp
                SecOpsCDPossibleIocIpFoundInAuthData
AWS             SecOpsAWSCreateloginprofile
                SecOpsAWSDetectStsAssumeRoleAbuse
                SecOpsAWSDetectUsersCreatingKeysWithEncryptPolicyWithoutMFA
Azure           SecOpsAzureDevOpsAuditDisabled
                SecOpsAzureDevOpsPATMisuse
                SecOpsAzureDevOpsProjectVisibilityChanged
Google          SecOpsGCPGCPloitExploitationFrameworkActivity
                SecOpsGCPGCSBucketEnumerated
                SecOpsGCPGCSBucketModified
Office365       SecOpsActivityPerformedByTerminatedUserO365
                SecOpsAdministrativeActivityFromNonCorporateIPO365
                SecOpsAnomalousBehaviorDiscoveredUsersO365
Linux           SecOpsLinuxCommandExecutionWebUser
                SecOpsLinuxCompressEncryptData
                SecOpsLinuxCurlExecution
DNS             SecOpsLog4ShellVulnOverDomainsUnionTableConnectionsWithLookup
                SecOpsPossibleDnsEncodingQuery
                SecOpsREvilKaseyaDomainConnection
Firewall        network/firewall/SecOpsFWPortScanExternalSource
                network/firewall/SecOpsFWPortScanInternalSource
                network/firewall/SecOpsFWPortSweepInternalSource
Proxy           SecOpsLog4ShellVulnerabilityCloudAzure
                SecOpsLog4ShellVulnerabilityOverProxyConnections
                SecOpsMoveitPotentialNetworkActivityExploitation
EDR             SecOpsHAFNIUMHashFoundFileTargetingExchangeServers
                SecOpsLog4ShellVulnerabilityOverCrowdStrike
                SecOpsMoveitWindowsEvtxFileCreation
Windows         SecOpsDeletingMassAmountOfFiles
                SecOpsEnumerationFor3rdPartyCredsFromCli
                SecOpsFailLogOn
Updated Parsers

cloud.azure
  Added new field.
  Tables: cloud.azure.ad.signin_all

auth.all
Updated
  Replaced the cloud.azure.ad.signin table with the cloud.azure.ad.signin_all union, which includes all Azure AD (Entra ID) sign-in tables.

ids.calyptix
  Added new field.
  Tables: ids.calyptix.snort.alert

proxy.calyptix
  Added new field.
  Tables: proxy.calyptix.webfilter.event

network.meraki
  Added new fields.
  Tables: network.meraki.security_event, network.meraki.switch

cloud.meraki
  Added new field.
  Tables: cloud.meraki.api.changelog

box.win_snare
  Added missing fields.
  Tables: box.win_snare, box.win_snare.sysmon

box.all.win
  Added missing fields.
  Tables: box.all.win

firewall.paloalto
  Added support for the LEEF 2.0 format.
  Tables: firewall.paloalto.traffic

box.vmware
  Fixed parsing issue for UDP and ICMP logs.
  Tables: box.vmware.firewall_packet

cloud.alibaba
  Added missing fields.
  Tables: cloud.alibaba.log_service.access_log

firewall.barracuda
  Fixed the null values issue.
  Tables: firewall.barracuda.audit

cspm.sysdig.secure.event
  Created a new table.
  Tables: cspm.sysdig.secure.event

edr.all.threats
  New table added to the union (ids.wazuh.alerts).
  Tables: ids.wazuh.alerts
  New table added to the union (cef0.kaspersky.kasperskyEndpointSecurityForWindows).
  Tables: cef0.kaspersky.kasperskyEndpointSecurityForWindows

firewall.cisco
  Fixed parser to parse SFIMS events.
  Tables: firewall.cisco.fmc

box.all.win
  Added box.win_wincollect tables to support WinCollect.

network.hp
  Fixed parsing issue for unsuccessful events.
  Tables: network.hp.switch.mgr, network.hp.switch.auth
Every month, the integrations team works on new and updated collectors for you, and I collect them all in this Catalog Update. This post contains new and updated collector information as well as links to their respective pages in our Documentation portal. Be advised that some pages in Documentation may not be available at the time of posting but will be added as soon as they are available. To request new collectors or an update to an existing collector, please open a support ticket through the Support Portal. You can also visit the new Resources Portal, a single page for all your customer resources!

Updated Collectors

CrowdStrike API collector v1.13.0
Fixed
- Fixed a data loss issue in the vulnerabilities service
Changed
- The DevoCollectorSDK Python package (devo-collector-sdk) has been updated from "1.13.1" to "1.15.0"
- The DCSDK Docker base image has been updated from "1.3.1" to "1.4.1"
- Added optional field time_buffer_seconds to adjust the time delay while pulling data

Snowflake Collector v3.1.0
Fixes
- Fixed a high memory consumption issue by sending messages in batches
Improvements
- Fixed unit tests
- Upgraded the DCSDK from 1.13.1 to 1.15.0

Tencent Collector v1.2.0
Fixes
- Fixed wrong time parsing when timestamps are received in seconds instead of milliseconds
- Fixed the persistence reset steps
Features
- Added an optional field in the user config to set the number of consumer threads, improving ingestion speed

OnePassword Collector v1.2.0
Improvements
- The DCSDK Docker base image has been updated from "1.3.0" to "1.4.1"
- The DevoCollectorSDK Python package (devo-collector-sdk) has been updated from "1.12.4" to "1.15.0"

Cloudflare Collector v1.2.0
Improvements
- The DCSDK Docker base image has been updated from "1.3.0" to "1.4.1"
- The DevoCollectorSDK Python package (devo-collector-sdk) has been updated from "1.12.4" to "1.15.0"

GCP Collector v2.3.0
Improvements
- The DCSDK Docker base image has been updated from "1.4.0" to "1.4.1"
- The DevoCollectorSDK Python package (devo-collector-sdk) has been updated from "1.14.0" to "1.15.0"

Google Workspace Reports Collector v1.11.0
Improvements
- The DCSDK Docker base image has been updated from "1.3.0" to "1.4.1"
- The DevoCollectorSDK Python package (devo-collector-sdk) has been updated from "1.12.4" to "1.15.0"

Google Workspace Logs BigQuery Collector v1.1.0
Improvements
- The DCSDK Docker base image has been updated to "1.4.1"
- The DevoCollectorSDK Python package (devo-collector-sdk) has been updated from "1.13.1" to "1.15.0"

AWS SQS Collector v1.8.0
Improvements
- The DCSDK Docker base image has been updated to "1.4.1"
- The DevoCollectorSDK Python package (devo-collector-sdk) has been updated from "1.13.1" to "1.15.0"

SentinelOne Collector v1.6.0
Improvements
- The DCSDK Docker base image has been updated to "1.4.1"
- The DevoCollectorSDK Python package (devo-collector-sdk) has been updated from "1.10.2" to "1.15.0"

Tenable Collector v2.1.0
Improvements
- The DCSDK Docker base image has been updated from "1.3.1" to "1.4.1"
- The DevoCollectorSDK Python package (devo-collector-sdk) has been updated from "1.13.1" to "1.15.0"

Snowflake Collector v4.0.1
Improvements
- Updated the authentication method to key-pair authentication
Bug Fixes
- Fixed a "No module named" import error

Microsoft Office365 Management Collector v2.5.0
Improvements
- Updated DCSDK from 1.12.4 to 1.15.0
- Upgraded dcsdk-docker-base-image to 1.4.1

Cloudflare Collector v1.3.0
Fixes
- Removed the validation restriction requiring id to be an integer
- Changed the API key type from integer to string
- Fixed the persistence reset logic

Malwarebytes Nebula Collector v1.1.0
Improvements
- Updated DevoCollectorSDK version from 1.7.2 to 1.16.1
- Updated dcsdk-docker-base-image to 1.5.0

Cylance Collector v1.3.0
Improvements
- Upgraded DevoCollectorSDK version from 1.10.0 to 1.16.1
- Updated dcsdk-docker-base-image to 1.5.0

Office365 Exchange Reports Collector v1.1.0
Improvements
- Updated DevoCollectorSDK version from 1.11.1 to 1.16.1
- Updated dcsdk-docker-base-image to 1.5.0

Cortex XDR Collector v2.1.0
Improvements
- Upgraded DevoCollectorSDK version from 1.13.1 to 1.16.1
- Updated dcsdk-docker-base-image to 1.5.0

Tencent Collector v1.3.0
Improvements
- Upgraded DevoCollectorSDK version from 1.15.0 to 1.16.1
- Updated dcsdk-docker-base-image to 1.5.0
Fixes
- Fixed the collector fetching data from the current time instead of the time specified
Features
- Added support for 3 different log types, making the code generic

AWS Collector v1.13.0
Improvements
- Upgraded DCSDK from 1.15.0 to 1.16.1
- Updated dcsdk-docker-base-image to 1.5.0
Fixes
- Fixed a bug related to API throttling

ExtraHop Revealx Collector v1.3.0
Improvements
- Updated Docker base image from "1.2.0" to "1.5.0"
- Updated DCSDK from "1.11.1" to "1.16.1"

Cybereason Collector v1.5.0
Improvements
- Updated Docker base image from version "1.2.0" to "1.5.0"
- Updated DCSDK from version "1.11.1" to "1.16.1"

Box Collector v2.1.0
Improvements
- Upgraded Docker base image to 1.5.0
- Upgraded the DCSDK to 1.16.1

Trellix ePO v1.1.0
Improvements
- Upgraded Docker base image to 1.5.0
- Upgraded the DCSDK to 1.16.1

Salesforce Collector v3.3.0
Improvements
- Added an input field to override the root domain value
- Updated DCSDK to 1.16.1
- Updated Docker base image to 1.5.0

ServiceNow Collector v2.1.0
Improvements
- Updated DCSDK to 1.16.1
- Updated Docker base image to 1.5.0
Fixes
- Fixed an initialization error in the custom service

AWS Collector v1.13.1
Fixes
- Added a delay_in_minutes parameter to fix missing logs in the GuardDuty service

AWS SQS Collector v1.9.0
Improvements
- Updated DCSDK from 1.15.0 to 1.16.1
- Updated Docker base image to 1.5.0
Fixes
- Fixed the "local variable 'record_fields' referenced before assignment" error in sqs_fdr_puller

Cisco Meraki Collector v2.0.0
Improvements
- Refactored the code to the latest template and improved error handling
- Upgraded the DCSDK to 1.16.1
- Upgraded the Docker base image to 1.5.0
- Added unit tests

Trend Micro Vision One collector 1.4.0
Improvements
- Upgraded the DCSDK to 1.16.1
- Upgraded the SDK base image to 1.5.0
Fixes
- Fixed a wrong parameter issue in the Audit logs service

Sophos Central Collector v2.1.0
Improvements
- Updated DCSDK from 1.15.0 to 1.16.1
- Updated Docker base image to 1.5.0
Fixes
- Fixed an initialisation error on collector restart

Fastly Next-Gen WAF v1.3.0
Improvements
- Updated DCSDK from 1.15.0 to 1.16.1
- Updated Docker base image to 1.5.0
Fixes
- Fixed an initialisation error on collector restart
The latest release of the Devo Platform is here! Release 8.16.3 brings one new feature and a few improvements. The primary change is in Devo’s ability to empower you to search your Alerts. We’ve added Advanced Pro Filtering to the Alerts page, which allows you to write queries to search your entire Alert library. You can start your filtering with the Simple Filter drop-downs, then switch to Pro filtering, and your simple filters will be automatically translated into a Pro filter query with real-time auto-complete. Check out the full details below! Remember, we also have ProdCasts so you can listen while you work!

Geo Availability
- CA: Released
- US: Released
- US3: Released
- EU: Released
- APAC: Released

New Feature

Alerts Advanced Search with Pro Filters
A normal environment can have thousands of alerts! With this release, we introduce Pro filters to help you find the exact alert or group of alerts you need to update. Alert Search Filters now include:
- Simple Filters: dropdown-based filters
- Pro Filters: custom-written, intuitive queries with real-time auto-complete suggestions to filter alerts.
Additional functionality was added to automatically convert your chosen Simple filters to an equivalent Pro filter query. Learn more in our Documentation.

Improvements

Updated permissions for “Current Queries”
We’ve updated this permission to be based on User Roles.
- Admin Users: can view and manage all queries running on the domain.
- Non-Admin Users: can view and manage only their own queries within the domain.
Learn more in our documentation.
The Devo Relay is a critical feature of Devo that receives inbound events from your data sources and then sends them to your Devo instance with all the tagging and processing rules that make Devo work as fast as it does. Release 2.15.1 adds automations and new OS support. The first automation removes the additional steps needed to launch the relay after setup. With the next feature, all certificates will automatically renew 1.5 months before expiration. This is a huge usability improvement and has been very well received! Lastly, support for Ubuntu 24, aka Noble Numbat, has been added, and support for Ubuntu 20 has been retired. Learn more below!

Enhancements

Automatic activation
The relay is now automatically activated after setup. No need to go to the UI to click on the activation button. Learn more in our documentation.

Automatic renewal of Relay Certificates
Relay certificates are now automatically renewed before expiration, yay! One and a half months before the expiration date, the certificate will be automatically renewed.

Support for Ubuntu 24
Added support for Ubuntu 24, also known as Noble Numbat. Please note, you need to upgrade to devo-monitor v2.1.2 as a requirement.

Removed support for Ubuntu 20
Support for this outdated version of Ubuntu is discontinued. Read more in our documentation.

Bug Fixes

Source tag capture groups
A bug that stopped this tag from working in rules has been corrected.
The Devo Parser is one of the secret spices of our unique Hyperstream technology. The Parsers organize raw events stored in tags into different columns and display them in the corresponding tables. This method completely bypasses data indexing and contributes to Devo’s amazing search speeds. Every data source is unique, so we have a great catalog of existing parsers. Our teams review parser performance, build new parsers and update parsers on a regular basis. This article covers all the updated and new parsers available this month. If you require a new parser, please open a support ticket through the support portal. You can also visit the new Resources Portal, a single page for all your customer resources!

Updated Parsers

box.audit
- Fixed for: box.audit.unix.auditd
- Fixed an additional trailing quote issue for the OUID, OGID and FSGID fields.

storage.synology
- Added new field: storage.synology.dsm.connection

network.meraki
- Fixed issue for: network.meraki.events

cef0.checkPoint
- Added new field: cef0.checkPoint.queryDatabase

cef0.cyberark
- Added new field: cef0.cyberark.pta

ddos.arbor
- Fixed parsing issues and added support for legacy messages for: ddos.arbor.pravail.aps

firewall.fortinet
- Fixed issue for: firewall.fortinet.event.system

firewall.watchguard
- Fixed issue for: firewall.watchguard.event
Every month, the integrations team works on new and updated collectors for you, and I collect them all in this Catalog Update. This post contains new and updated collector information as well as links to their respective pages in our Documentation portal. Be advised that some pages in Documentation may not be available at the time of posting but will be added as soon as they are available. To request new collectors or an update to an existing collector, please open a support ticket through the Support Portal. You can also visit the new Resources Portal, a single page for all your customer resources!

Updated Collectors

Fastly Next-gen WAF v1.2.0
Fixed
- Fixed an init variable error for the Fastly event services
- Handled an invalid start time condition for the feed_request service
- Updated the default request_period_in_seconds to avoid an invalid time interval issue for the feed_request service
Changed
- Upgraded DCSDK from 1.12.4 to 1.15.0
- Upgraded dcsdk-docker-base-image to 1.4.1

Alibaba Cloud collector v1.4.0
Added
- Added a custom service for pulling data from log stores

Big ID collector v1.1.0
Bug Fixes
- Modified the endpoint that returned data in an incorrect format
Improvements
- Updated DCSDK from 1.13.1 to 1.15.0

Microsoft Defender ATP for Endpoint collector v2.1.0
Improvements
- Improved the pull logic of the alerts service, reducing the time to send the alerts data
Bug Fixes
- Fixed the api/alerts/{id}/user endpoint, handling the 404 error

Google Workspace Alerts collector v1.10.0
Improvements
- Updated DCSDK from 1.13.1 to 1.15.0
Bug Fixes
- Fixed a concurrency issue in which multiple threads could attempt to read the credentials file before it was fully written, resulting in an "Expecting value…" JSON parsing error. Now both read and write operations for the credentials file are protected by the same global lock, ensuring the file is fully written before it is accessed in concurrent environments.

Proofpoint TAP collector v3.3.0
Improvements
- Improved the request limit for every service
- Optimized the pull logic and flatten logic of the threat service

CyberArk Identity collector v1.3.0
Improvements
- Updated base URL
- Updated DCSDK to 1.15.0
- Upgraded Docker base image to 1.4.1

Salesforce Collector v3.2.1
Improvements
- Fixed unit tests
- Added internal user guide
Fixes
- Fixed the persistence logic to avoid getting stuck in a loop

Wiz Collector v1.8.0
Feature
- Provided an option to override the auth token in the user config
Bug fixes
- Made changes for the latest Wiz certification requirements
Improvements
- Upgraded DCSDK to 1.15.0
- Upgraded Docker base image to 1.4.1
- Added unit tests
- Added internal user guide

Okta collector v2.1.0
Improvements
- Added support for obfuscation functionality
- Updated DCSDK to 1.15.0
- Upgraded Docker base image to 1.4.1

Zscaler collector v2.0.3
Fixes
- Fixed the "Waiting until setup will be executed" issue

Office365 Exchange Message Tracing Collector v2.4.0
Changed
- Upgraded DCSDK from v1.13.1 to v1.15.0
- Upgraded dcsdk-docker-base-image to 1.4.1
Fixed
- Fixed an authentication issue

Microsoft Defender ATP (Endpoint) collector v2.1.1
Bug Fix
- Fixed an issue where the recommendation and machine services were getting stuck

SailPoint IdentityNow collector v1.1.1
Bug Fixes
- Fixed an issue with a status code error
- Fixed an issue with missing logs
Improvements
- Updated DCSDK from 1.8.0 to 1.15.0
- Upgraded dcsdk-docker-base-image to 1.4.1
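The credentials-file race fixed in the Google Workspace Alerts collector above, as an added Python illustration that is not the collector's own code: both operations take one global lock, and an empty, not-yet-written file is shown to yield the "Expecting value" parse error. The write-to-temp-file-then-os.replace step, all function names and the constructed token values are assumptions of this example.

```python
"""Guarding a collector's credentials file between threads (added illustration, not
the collector's code). It reproduces the error the changelog names, an empty
not-yet-written file parsing as "Expecting value", and applies the fix: one global
lock shared by read and write. The temp-file + os.replace step is assumed here."""
import json
import os
import tempfile
import threading

# One lock for BOTH operations: separate read and write locks would still let
# a reader open the file between its creation and the final write.
_CREDENTIALS_LOCK = threading.Lock()


def parse_error_for(file_text: str) -> str:
    """JSON error message a reader hits on partial content ("" if it parses)."""
    try:
        json.loads(file_text)
        return ""
    except json.JSONDecodeError as exc:
        return exc.msg  # "Expecting value" for an empty file


def write_credentials(path: str, creds: dict) -> None:
    """Serialise creds under the lock: write a temp file, then rename over path."""
    with _CREDENTIALS_LOCK:
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
        try:
            with os.fdopen(fd, "w", encoding="utf-8") as fh:
                json.dump(creds, fh)
            os.replace(tmp, path)  # atomic: readers see old or new, never partial
        except BaseException:
            if os.path.exists(tmp):
                os.unlink(tmp)
            raise


def read_credentials(path: str) -> dict:
    """Read under the same lock, so a read never overlaps an in-flight write."""
    with _CREDENTIALS_LOCK:
        with open(path, encoding="utf-8") as fh:
            return json.load(fh)


def hammer(rounds: int = 50, threads: int = 8) -> tuple:
    """Threads write and read a scratch file; return (parse errors, final contents)."""
    path = os.path.join(tempfile.mkdtemp(), "credentials.json")
    errors, count_lock = 0, threading.Lock()

    def worker(n: int) -> None:
        nonlocal errors
        for i in range(rounds):
            try:  # constructed token values, not real credentials
                write_credentials(path, {"token": f"constructed-{n}-{i}"})
                read_credentials(path)
            except json.JSONDecodeError:
                with count_lock:
                    errors += 1

    pool = [threading.Thread(target=worker, args=(n,)) for n in range(threads)]
    for t in pool:
        t.start()
    for t in pool:
        t.join()
    return errors, read_credentials(path)
```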
The latest release of the Devo Platform is here! Release 8.15.17 brings one main improvement and a few bug fixes. The primary change is on the Data Search page: we’ve moved the Lookup Management and Current queries tabs to the Administration section. This change was made for functional consistency, keeping in mind some great things to come in the future. In support of this change, the Role permissions for these two tabs were also moved, now under the Data section. In addition to this main change, we also have some small improvements and bug fixes. Remember, we also have ProdCasts so you can listen while you work!

Geo Availability
- CA: Released
- US: Released
- US3: Released
- EU: Released
- APAC: Released

Improvements

Relocation of “Lookup Management” and “Current queries” from Data Search
We’ve moved these two tabs to improve navigation and functional consistency. You can find both Lookups and Current queries under Administration → Data management. For more details, see our documentation. In support of this change, the Role permissions for Lookups and Current queries have been moved from the Data Search section to the Data section.

Small changes
- Menu: Previously, the main menu’s submenu tooltips did not always disappear when the user moved the mouse pointer out of the area. This has been corrected, and unnecessary tooltips removed.

Bug fixes
- Notifications: Previously, notifications were not displayed on the notifications page. Now all relevant notifications are displayed.
- Data search: Previously, when a time period with no data was selected, an error notification was displayed. Now, a clear message indicating “no data to display” appears directly within the table.
The latest release of the Devo Platform is here! Release 8.15.15 brings a pair of usability improvements and bug fixes. With this release, users who use Single Sign-On will be able to quickly return to their session after they log out, thanks to the new Session Recovery system. For Data Search, you now have more control over how you Download Data, be it directly in the browser or as a background process, providing new flexibility for large data sets. New download formats were also added to improve the flexibility of this tool. Lastly, a new 30-day wait period is introduced to the automatic token deletion system. Learn more here!

Geo Availability
- CA: Released
- US: Released
- US3: Released
- EU: Released
- APAC: Released

New Feature

Recover Session functionality added for SSO logins
Users who log out of a Single Sign-On session will have a new option to recover their session from the login page. This functionality will remain available until the browser is refreshed. Learn more in our Documentation.

Improvement

Improvements to Download Data form in Data Search
We have improved the Download Data function to provide greater clarity regarding how downloads are executed. The form has been optimized as follows, with two new radio buttons:
- Attachment: lets you download the data immediately via the browser.
- Download Link: lets you download the data as a background task.
A secondary list of available file formats is additionally presented based on your chosen radio button option. Learn more in our Documentation.

Token Deletion Delay
When tokens expire, the system now waits 30 days after expiration before automatically deleting the token.

Bug Fixes
- Audit logs: Previously, the audit log displayed the actual token when a user accessed its details. Now, for enhanced security, the log shows the hashed value of the token.
- Data search: Previously, when a time period with no data was selected, an error notification was displayed. Now, a clear message indicating “no data to display” appears directly within the table.