
Popular Updates


Platform 8.12.6

Hello everyone, the latest release of the Devo Platform is now live! Release 8.12.6! This update provides enhancements to Data Search, Activeboards, Scheduled Tasks, and a selection of bug fixes. For Data Search, we have optimized priority levels. In Activeboards we have introduced a new widget property that lets you exclude boundary periods from your charts. Scheduled Tasks have received increased character limits and an optimized details form. These changes enhance and extend existing workflows and introduce new reporting capabilities through control of the boundary periods in your charts. Read on to learn more!

Geo Availability
Region    Status
GovCloud  Released
CA        Released
US        Released
EU        Released
APAC      Released

Table of Contents
New Features: Activeboards (New Widget property to exclude boundary periods)
Improvements: Data Search (Optimization of priority levels); Activeboards (Enhanced Edit Mode); Scheduled Tasks (Increased Character Limit; Redesigned details form)
Bug Fixes: Activeboards; Data Search; Autoparser

New Features

Activeboards

New Widget property to exclude boundary periods
It is now possible to exclude the initial or final periods in certain widgets when grouping data, reducing potential misinterpretations derived from viewing incomplete periods. This new functionality applies to:
- Line Charts
- Area Charts
- Column Charts
- Stacked Area Charts
- Stacked Column Charts
- Time Lapse widgets

Improvements

Data Search

Optimization of priority levels
Simplified priority levels to optimize resource allocation. The Maximum query priority was removed. Learn more about priority levels in our Docs.

Activeboards

Enhanced Edit Mode
Edit mode now contains detailed descriptions of each available mode.

Scheduled Tasks

Increased Character Limit
Select fields in the scheduled task form now allow larger character limits, which permits more explanatory subjects, more recipients and more complex queries.

Redesigned details form
We've improved the design of the form to enhance readability and understanding of each field.

Bug Fixes

Activeboards
- The Fill gaps property was shown in widgets even when the X-Axis was not a timestamp field. In that case the property has no effect, so it is no longer shown.

Data Search
- The query previewer wasn't showing the entire query in the Recent queries page.
- In some random scenarios the events were not shown correctly on the data table.
- A query with two groupings was causing issues with data downloads from data tables.

Autoparser
- The depth selector of the JSON split option was not disappearing when selecting another option (String or JSON object).
- The JSON split option was returning null values when using a depth of 3.

Related products: Devo Platform

Devo Platform 8.12.3

Hello everyone, the latest release of the Devo Platform is now live! Release 8.12.2 packs a collection of new Alert and Activeboard features and enhancements to power your workflows. Starting with Activeboards, you now have the option to attach the CSVs behind your table widgets to Scheduled Reports, enhancing an already powerful mechanism with complete data points. In Alerts, we are introducing a new alert status for Suppressed Alerts. You can now set alerts to Suppressed, helping you manage your alert noise to a greater degree. Lastly, I will highlight the new functionality that allows you to use my.lookup tables in Alert Definition Subqueries, opening new windows of possibilities! Read on to get the full list of enhancements in this update!

Geo Availability
Region    Status
GovCloud  Released
CA        Released
US        Released
EU        Released
APAC      Released

Table of Contents
New Features: Activeboards (Attach table widgets as CSV in Scheduled Reports); Alerts (Assign sending policy from the Alert definition settings; New API Endpoint to assign sending policy to alert definition; New API Endpoints to create, edit, and delete sending policies; New Status: Suppressed Alert; New API parameter to assign suppressed status to triggered alerts; New functionality allows my.lookuplist tables to be used in alert definition subqueries; New API Endpoint to use my.lookuplist tables in alert definition subqueries)
Updated Features: Alerts (Redesigned Post-filter menu; Extradata advanced filter now stays open); Activeboards (New default layout options for legend layout)
Bug Fixes: Activeboards; Alerts & Data processing

New Features

Activeboards

Attach table widgets as CSV in Scheduled Reports
Scheduled reports now allow users to receive table widgets as CSV files inside a ZIP file. Enabling this option generates a single CSV for each table widget present in the Activeboard; all of them are inserted into a ZIP file, which is attached to the email along with the PDF report. Learn more on Devo Docs.

Alerts

Assign sending policy from the Alert definition settings
It is now possible to assign sending policies to alert definitions directly in the creation and edit dialogs, making the process swifter and more efficient by centralizing all the required settings in a single dialog. Learn more on Devo Docs.

New API Endpoint to assign sending policy to alert definition
The same functionality that exists in the platform interface is also available in the Alerts API. It is now possible to assign a sending policy to an alert definition. Learn more on Devo Docs.

New API Endpoints to create, edit, and delete sending policies
The same functionality that exists in the platform interface is also available in the Delivery methods API. It is now possible to create, edit, and delete sending policies. Learn more on Devo Docs.

New Status: Suppressed Alert
A new Suppressed status has been created to assign to triggered alerts, enriching the workflow and adapting it to the current needs of analysts. Learn more on Devo Docs.

New API parameter to assign suppressed status to triggered alerts
As in the platform interface, a new parameter can be used in requests made through the Alerts API to assign the Suppressed status to triggered alerts. Learn more on Devo Docs.

New functionality allows my.lookuplist tables to be used in alert definition subqueries
Each-type alert definitions can now include my.lookuplist tables in their subqueries, with certain limitations. Learn more on Devo Docs.

New API Endpoint to use my.lookuplist tables in alert definition subqueries
Each-type alert definitions can now include my.lookuplist tables in their subqueries through the API, with certain limitations. Learn more on Devo Docs.

Updated Features

Alerts

Redesigned Post-filter menu
The post-filter creation menu has been redesigned to reduce noise and make the process more straightforward. The Basic data section has been removed as it does not apply to user-created alerts, and the Date filters section has been removed as those filters can be applied in the Extra data section with the eventdate. The actions in the post-filter creation menu have been rearranged, and the possibility to change to any status has been added. Learn more on Devo Docs.

Extradata advanced filter now stays open
The dialog to add a filter condition in the extradata advanced filter now remains open until manually closed, giving users the chance to interact with the alert list without losing already entered parameters. This is especially useful to check a specific alert and its extradata for specific values, which can even be copied into the filter.

Activeboards

New default layout options for legend layout
To display these widgets with a friendlier layout that facilitates visualization and analysis, the default options for the legend layout have been changed. Learn more on Devo Docs.

Bug Fixes

Activeboards
- The widget versioning process was interrupted whenever one widget presented an error, leaving the remaining ones with an incorrect version.
- Error creating an aggregation task before the Activeboard is fully loaded.
- The full view option was still shown when already in full view mode.
- The option to create an aggregation task was shown for text inputs.

Alerts & Data processing
- September 2024 vulnerabilities up to date.
- Incorrect management of post-filter creation when there are invalid characters in the name.
- Input present in the post-filter creation window disappears if a creation error occurs.
- Error when trying to add several eventdate fields in the post-filter creation window.
- The dialog to edit an alert definition from a triggered alert closes after finding an error.
- Wrong error message when using an each-type alert with subqueries that have a wrong ratio between internal and external periods.
- In gradient-type alerts or each-type alerts with subqueries, invalid values were kept as an option when entering customized values in their settings dropdown.
- Error when returning to the triggered alerts area if a filter preset was applied, the time range was changed with absolute dates, and the changes were not saved before leaving the area via logout or domain change.

Related products: Devo Platform

Platform 8.12.2

Hello everyone, the latest release of the Devo Platform is now live! Releases 8.12.1 and 8.12.2 feature a collection of small improvements and bug fixes to make your life a little easier, including improvements to Data Search, Lookups, Notifications and menus, as well as bug fixes. In particular, there are improvements to the drag & drop functionality, the Query Editor, and Injections. These improvements come from customer feedback and we are excited to provide them to you quickly. If you have any additional feedback please let us know below in the comments, and check out the documentation links for in-depth descriptions of these improvements!

Geo Availability
Region    Status
GovCloud  Released
CA        Released
US        Released
EU        Released
APAC      Released

Table of Contents
Improvements: Data Search (Drag and Drop; Query Editor; Injections; Login screen); General (Left Menu; Lookup Notifications); Lookups (Centralized error notifications; Failure management process redesign); Notifications (Counter removed and lifespan set to 7 days)
Bug Fixes: General (Single-Sign-On); Data Search (Table; Copy to Clipboard); Navigation Pane (Tooltip)

Improvements

Data Search

Drag and Drop
Improved the drag-and-drop feature, which had issues when dragging a field into a wizard.

Query Editor
Enhanced some error messages in the query editor to make them easier to understand.

Injections
Texts displayed in the new injection form are now fully translated into the intended language when the platform language is not English.

Login screen
An error message on the login screen has been improved to provide information about the cause, making it easier for users to find the solution. The specific error happens when unregistered users try to log in via SAML SSO with autoprovisioning disabled.

General

Left Menu
The left menu can now be opened in a new tab via right-click.

Lookup Notifications
Moved some lookup notifications from the Notifications menu to the Lookups Management bell icon.

Lookups

Centralized error notifications
To avoid duplication and make it clear where to find lookup errors and potential solutions, global notifications are no longer generated and stored in the Notifications area. They are only registered in the Lookup management area, where specific troubleshooting is provided if available. Learn more in our documentation.

Failure management process redesign
To avoid confusion when a lookup gets stuck in the creating status due to an error, it now remains in the list until manually deleted instead of disappearing when the lookup list is refreshed. This way, users can take their time to analyze the cause of the error and try to find a solution. Learn more in our documentation.

Notifications

Counter removed and lifespan set to 7 days
To remove noise and place the attention on relevant information, notifications have been restricted to the last 7 days. Furthermore, the counter of unread/total notifications shown when hovering over notifications in the navigation pane and the new notifications bubble have been removed. Learn more in our documentation.

Bug Fixes

General
- Single-Sign-On: Fixed a corner case where a single-sign-on session was restarted when clicking "Go to query" from alerts.

Data Search
- Table: Fixed an issue where the table sometimes hid certain rows from the user at first glance.
- Copy to Clipboard: Resolved a bug where copying text occasionally copied the entire raw event to the clipboard instead of just the highlighted text.

Navigation Pane
- Tooltip: Fixed incorrect text in the user information tooltip displayed when hovering over your profile picture.

Related products: Devo Platform

Devo Collector Catalog update for September

Every month, the integrations team works on new and updated collectors for you, and I collect them all in this Catalog Update. This post contains new and updated collector information as well as links to their respective pages in our Documentation portal. Be advised that some pages in Documentation may not be available at the time of posting but will be added as soon as they are available. To request new collectors or an update to an existing collector, please open a support ticket through the Support Portal. You can also visit the new Resources Portal, a single page for all your customer resources!

New Collectors (each with a link to its Documentation page)
- Forcepoint SWG v1.0.0
- Radware CWAF v1.0.0

Updated Collectors (each with a link to its Documentation page)
- Proofpoint POD v2.1.1
- Microsoft Graph v2.0.1
- Mimecast 2.0.1
- Duo v2.0.1
- Flashpoint Intelligence v1.1.0
- ServiceNow v1.5.1
- Cisco Umbrella v1.3.0
- Okta Resources v1.9.0
- Office365 Exchange Message Tracing v2.3.0
- Rubrik Collector v1.3.0
- Cortex XDR v1.4.0
- Qualys v2.2.1
- Fastly Next-Gen WAF v1.1.0
- Snowflake v1.4.1
- AWS SQS v1.6.0
- Microsoft Office365 Management API v2.4.0
- Proofpoint Tap v3.0.0
- Trend Micro Vision One v1.2.1

Related products: Devo Integrations

Devo Platform Release 8.12.0

Hello everyone, the latest release of the Devo Platform is now live! Release 8.12.0 introduces Subqueries to Data Search! That's right, this powerful feature, previously available through the API, is now available directly in Data Search and you can start using it right away! A Subquery makes it possible to use information from different sources in a single query and further restrict the data to be retrieved. We are excited to re-introduce Subqueries as a powerful tool in your Data Search toolbox. Check out the full article, which lists the requirements and an example LINQ query, below!

Geo Availability
Region  Status
CA      Released
US      Released
EU      Released
APAC    Released

Table of Contents
Feature Enhancement: Subqueries now available in Data Search (What is a subquery?; Requirements; Example)

Feature Enhancement

Subqueries now available in Data Search
Subqueries have been available for some time through other components and the API, but now you can use this powerful feature directly in Data Search!

What is a subquery?
A Subquery removes the limitations of a single search by using the result of one query (the subquery) as a condition in another query, thus making it possible to use information from different sources in a single query and further restrict the data to be retrieved.

Requirements
Subqueries in Data Search need to be:
- Non-contextual: the subquery must be syntactically and semantically correct; if you extract it from the query it should run on its own. There is no information transfer between query and subquery.
- Time-bound in the past: subqueries must always be time-bound and defined in the past.
Learn more in our documentation.

Example
The most common use case for Subqueries uses the in operator to determine whether the values of a specific field in a table match any of the values in the result set of a subquery.

    from siem.logtrust.web.activity
    where username in (
        from siem.logtrust.web.navigation
        where '2024-09-10 07:21:35' < eventdate < '2024-09-12 12:21:35'
        group every - by userEmail
    )
    where domain in (
        from siem.logtrust.web.navigation
        where '2024-09-10 07:21:35' < eventdate < '2024-09-12 12:21:35'
        group every - by domain
    )
    group every 10m by username, domain
    select count()

If you haven't tried them yet, please do and let us know what you think!

Related products: Devo Platform

Platform Release 8.11.1

Hello everyone, the latest release of the Devo Platform is now live! Release 8.11.1 introduces Alert Page presets! Now you can save your Alert page filters, create new ones, set them as default on a per-user level, and manage your presets! In addition, this release introduces a few enhancements to the devo.audit.alert.triggered table. Alert operations have been added to this table, so you can now track when every alert has been triggered, among other details. Additionally, we have enhanced the tracking of alert priority changes with the alert priority name, giving you additional context when auditing your alerts. Learn more about this release below!

Geo Availability
Region    Status
GovCloud  Released
CA        Released
US        Released
EU        Released
APAC      Released

Table of Contents
New Features: Introducing Alert Presets
Improvements: New Audited Operation field added; Improved Priority Change recording

New Features

Introducing Alert Presets
With this release, you can now save your Alert Page view filters! Create, edit, save and delete your favorite filters to increase your productivity and speed up your workflow. Alert Preset operations available at user level:
- Create a new preset
- Edit a defined preset
- Delete a defined preset
- Set/Unset a defined preset as user default (applied when entering the alerts page for the first time in a session)
- Apply a user preset or the system preset

Improvements

New Audited Operation field added
Users can now track and audit when an alert was triggered with this new operation added to the audit table devo.audit.alert.triggered. The complete list of tracked elements in this table is now:
User generated operations:
- Triggered Alert status change
- Triggered Alert priority change
- Triggered Alert deletion
- Triggered Alert comments management (create/update/delete/reply comment)
System generated operations:
- Triggered Alert generation (the new operation type added in this release)

Improved Priority Change recording
The Triggered Alert priority change record in devo.audit.alert.triggered now contains the priority name in addition to the changed status, enhancing the context around this log entry. Read the full documentation of this release in our Docs!

Related products: Devo Platform

Devo Parser Catalog update for August

The Devo Parser is one of the secret spices of our unique Hyperstream technology. Parsers organize the raw events stored in tags into different columns and display them in the corresponding tables. This method completely bypasses data indexing and contributes to Devo's amazing search speeds. Every data source is unique, so we have a large catalog of existing parsers. Our teams review parser performance, build new parsers and update parsers on a regular basis. This article covers all the updated and new parsers available this month. If you require a new parser, please open a support ticket through the support portal located here. You can also visit the new Resources Portal, a single page for all your customer resources!

New Parsers (each with a link to its Documentation page)
- dmp.egnyte

Updated Parsers (each with a link to its Documentation page)
- proxy.zscaler
- cloud.azure
- box.all.win
- firewall.cisco
- adn.f5
- endpoint.vmware
- mail.fortinet
- box.unix
- network.meraki
- firewall.fortinet
- firewall.sophos
- box.vmware
- auth.cisco
- mail.proofpoint

Related products: Devo Integrations

Devo Collector Catalog update for August

Every month, the integrations team works on new and updated collectors for you, and I collect them all in this Catalog Update. This post contains new and updated collector information as well as links to their respective pages in our Documentation portal. Be advised that some pages in Documentation may not be available at the time of posting but will be added as soon as they are available. To request new collectors or an update to an existing collector, please open a support ticket through the Support Portal. You can also visit the new Resources Portal, a single page for all your customer resources!

New Collectors (each with a link to its Documentation page)
- Symantec Collector v1.0.0
- Trellix DLP v1.0.0

Updated Collectors (each with a link to its Documentation page)
- Github Collector v3.0.0
- VMware Carbon Black Cloud EPP Collector v1.4.1
- Office365 Management API Collector v2.3.2
- Azure Collector v2.2.0
- AWS SQS Collector v1.5.2
- Wiz Collector v1.7.0
- Duo Collector v2.0.0
- Rapid7 InsightVM Collector v1.7.0
- Lark Collector v1.1.0
- Crowdstrike API Resources Collector v1.8.0
- ServiceNow Collector v1.5.0
- Cisco Meraki Collector v1.7.0
- Salesforce Collector v2.4.0

Related products: Devo Integrations

Platform 8.10.43 Released

Hello everyone, the latest release of the Devo Platform is now live! Release 8.10.43 brings some core improvements for Scheduled Reports and the Autoparser, and new functionality for Multitenant domains. The Autoparser now reports when it encounters inconsistencies in the data being processed. Scheduled reports are now aligned with the RFC standard for emails, changing the way the reports are sent. Multitenant domains can now see and define my.app and my.upload tables created in their child domains. Lastly, we have a collection of bug fixes in direct response to customer feedback. Learn more in this product update and don't forget to subscribe!

Geo Availability
Region    Status
GovCloud  Released
CA        Released
US        Released
EU        Released
APAC      Released

Table of Contents
New Features: Multitenant root domains can create my.app & my.upload table definitions in the finder
Updated Feature: Autoparser on tables with inconsistent data; Scheduled reports are sent to each recipient individually
Bug Fixes

New Features

Multitenant root domains can create my.app & my.upload table definitions in the finder
With this release, Multitenant root domains can see and define custom data from my.app and my.upload tables in their child domains directly in the finder. This new functionality to create this type of table is available from the "Add table definition" window.

Updated Feature

Autoparser on tables with inconsistent data
The Autoparser will now notify you when you ingest inconsistent data, informing you that the results were created with errors. When this happens, it means that some fields could not be parsed correctly, and you will see null values wherever the inconsistent data was found.

Scheduled reports are sent to each recipient individually
Adhering to the recent updates to the RFC standard, which require that every email has the TO: field filled in, scheduled reports are now sent using the TO field instead of BCC. Each person in the TO field receives the report individually.

Bug Fixes
- The New lookup button on the Lookup management page was not linked to the lookups_manage policy. The condition has now been added, so the button only appears when the policy allows it.
- When updating a lookup, using double quotes in the middle of a cell value now works correctly, preventing an empty notification error.
- Certificate creation logic was updated to consider only user certificates for domain limits, excluding relay certificates. This ensures accurate limit adherence and appropriate notifications when limits are reached or changed.

Related products: Devo Platform

Devo Security Operations: OOTB Alerts Release 29

We're thrilled to announce the latest updates and additions to our alerting system with Release 29. This release introduces a large collection of updates to 24 Alert Packs covering all manner of MITRE Tactics and Techniques. Additionally, we have updated Detections for Linux, Windows, Network and Authentication. Below you will find Exchange links for all the alert packs in your respective geos. To access Updated Detections, open the Security Operations app inside Devo and navigate to the Content Manager. Here, you can search for the detection name and manage your alerts. To update or install new alerts, visit Devo Exchange.

Updated Alert Packs
Each pack has direct links on Devo Exchange: US Exchange, CA Exchange, EU Exchange, APAC Exchange.
- Linux_Log-Based_Threat_Detection_Suite
- Windows_Log_Threat_Detection_Suite
- Authentication_Log_Threat_Detection_Suite
- Abuse_Elevation_Control_Mechanism_(MITRE_Att&ck_Technique:_T1548)
- Boot_or_Logon_Initialization_Scripts_(MITRE_Att&ck_Technique:_T1037)
- Account_Manipulation_(MITRE_Att&ck_Technique:_T1098)
- Command_and_Scripting_Interpreter_(MITRE_Att&ck_Technique:_T1059)
- Brute_Force_(MITRE_Att&ck_Technique:_T1110)
- Data_Encrypted_for_Impact_(MITRE_Att&ck_Technique:_T1486)
- Data_Destruction_(MITRE_Att&ck_Technique:_T1485)
- Create_Account_(MITRE_Att&ck_Technique:_T1136)
- Domain_Policy_Modification_(MITRE_Att&ck_Technique:_T1484)
- Exfiltration_Over_Alternative_Protocol_(MITRE_Att&ck_Technique:_T1048)
- Event_Triggered_Execution_(MITRE_Att&ck_Technique:_T1546)
- File_and_Directory_Permissions_Modification_(MITRE_Att&ck_Technique:_T1222)
- Ingress_Tool_Transfer_(MITRE_Att&ck_Technique:_T1105)
- Indicator_Removal_on_Host_(MITRE_Att&ck_Technique:_T1070)
- Impair_Defenses_(MITRE_Att&ck_Technique:_T1562)
- OS_Credential_Dumping_(MITRE_Att&ck_Technique:_T1003)
- Modify_Registry_(MITRE_Att&ck_Technique:_T1112)
- Obtain_Capabilities_(MITRE_Att&ck_Technique:_T1588)
- Scheduled_Task_Job_(MITRE_Att&ck_Technique:_T1053)
- Remote_Services_(MITRE_Att&ck_Technique:_T1021)
- Valid_Accounts_(MITRE_Att&ck_Technique:_T1078)

Updated Detections

Linux
- SecOpsLinuxAddFilestoCrontabDir.json
- SecOpsLinuxAppendCommandToProfileConfig.json
- SecOpsLinuxAppendCronjobEntry.json
- SecOpsLinuxAuditdMaxFailedLoginAttempts.json
- SecOpsLinuxExtNetworkviaTelnet.json
- SecOpsLinuxFileCreateInitBoot.json
- SecOpsLinuxFileOwnerNowRoot.json
- SecOpsLinuxHighFileDeletesEtc.json
- SecOpsLinuxIntNetworkviaTelnet.json
- SecOpsLinuxNcUseDetected.json
- SecOpsLinuxNOPASSWDSudoers.json
- SecOpsLinuxPotentialDisableSELinux.json
- SecOpsLinuxSetuidUsingChmod.json
- SecOpsLinuxSudoFileModification.json
- SecOpsLinuxSystemLogFileDeletion.json
- SecOpsLinuxWebserverAccessLogsDeleted

Windows
- SecOpsOsCredentialDumpingGsecdump.json
- SecOpsRansomwareBehaviorMaze.json
- SecOpsRansomwareBehaviorNotPetya.json
- SecOpsRansomwareBehaviorRyuk.json
- SecOpsResetPasswordAttempt.json
- SecOpsWannaCryBehavior.json
- SecOpsWinMimikatzLsadump
- SecOpsWinAuditLogCleared.json
- SecOpsWinDisableUac.json
- SecOpsWinDisableAntispywareRegistry.json
- SecOpsWinLockoutsEndpoint.json
- SecOpsWinLsassMemDump.json
- SecOpsWinRegistryModificationDisableChangePasswdFeature.json
- SecOpsWinRegistryModificationNewTrustedSite.json
- SecOpsWinUserAddedSelfToSecGroup.json
- SecOpsWinUserAddedToLocalSecurityEnabledGroup.json
- SecOpsWinUserCredentialDumpRegistry.json
- SecOpsNewAccountCreated.json
- SecOpsWinAdminRemoteLogon.json
- SecOpsWinAnonymousAccountCreated.json
- SecOpsWinExcessiveUserInteractiveLogin.json
- SecOpsFailLogOn.json

Network
- SecOpsFortinetCriticalAppUse.json
- SecOpsSuspiciousConnectionToCoinminerDomain.json
- SecOpsFortinetHighRiskAppUse.json

Authentication
- SecOpsAuthPasswordSprayHost.json
- SecOpsO365AuthExcessiveFailedLoginsSingleSource.json
- SecOpsO365AuthExcessiveFailedLoginsUserAuthAll.json
- SecOpsLoginFailCombinedSuccessed.json
- SecOpsAuthPasswordSprayIp.json

Related products: Devo SecOps

Platform Release 8.11.0

Geo Availability
Region    Status
GovCloud  Released
CA        Released
US        Released
EU        Released
APAC      Released

Hello everyone, the latest release of the Devo Platform is now live! Release 8.11.0 delivers a wide range of improvements to Data Search that are sure to enhance the core experience of the Devo Platform. Data Search has been re-imagined from a collection of single components into a unified architecture, delivering speed and freedom of action. With this improvement we have been able to remove column limits and deliver improvements to column reorganization and table navigation, as well as improved data visibility and control. In addition, we have delivered improvements to Alerts with the new ExtraData search filter. Learn more about this release below!

New Features

Data Search reimagined
With this release we are migrating from individual HTML elements to a single Canvas element to draw everything on screen. This provides more flexibility and increased performance for large, complex data sets. You are going to see huge performance improvements with large data sets.

Enhancements

Removed Column Limits
When you drive a faster car, you get rid of the speed limits (or so I hear...). Thanks to the re-imagining of Data Search, the 50 visible column limit has been removed. Display a massive number of columns without performance trade-offs.

New feedback added for query with no results
A small change to be sure, but one that helps us all! When you create a query that has 0 results, you will know it was the intended output.

Improvement to Drag & Drop Column Order
Improved drag & drop functionality to be more user-friendly and unlocked the ability to drag columns to the last position.

Improved Table Navigation
Arrow key navigation added to tables; now you can navigate quickly, like you would in a normal spreadsheet.

New action added to view wrapped content
You can now double-click on a cell to view wrapped content. This is particularly useful with cells that contain a large amount of information.

Streamlined cell options menu
The Highlight action has been removed in favor of direct selection of a cell. Learn more in our Documentation.

New Filter added to Alerts
Added a new filter criterion to find specific alerts based on their ExtraData content, with two search levels:
- Simple Search: Allows you to find a single value within the first-level keys.
- Advanced Search: Allows you to find one or multiple values within the first-level keys and decide where and how to search for them.
Learn more in our Documentation.

Added ExtraData to Triggered Alerts Info
The Triggered Alerts expandable info has a new section for ExtraData. It joins the Summary and Description as fields available for quick access. Learn more in our Documentation.

Bug Fixes

Download Event Button
Fixed the Download an event button in the Selected events wizard in Data Search. When pressing the space bar over an event, a wizard opens showing the details of the event. In that wizard, the Download button failed to download the event.

Global Search
In Global Search, the links in the table all.data in the field tables did not work properly. All tables now open correctly.

Related products: Devo Platform

Devo Exchange: Devo Collector Monitoring ActiveBoard and Alert Pack

The Integration team has prepared and released a new Activeboard to help users monitor and be informed of the status of their collectors, along with any warnings or errors that may be occurring. We have also released a companion Alert Pack that works in conjunction with the Activeboard to provide full visibility around your collectors. This combination gives you visibility into collector uptime, warnings and errors, general activity and message types. You also see all credential errors as well as API limit and server errors. This is a must-have Activeboard that provides full visibility into the health of your data ingestion.

Collector Monitoring Activeboard
Having good supervision of data flow is key in Devo. It is important to give customers good insights, alerts and security use cases, but insight into any problem with collectors was missing. This Activeboard solves this, providing complete visibility of your collector health. In this Activeboard you can find:
- Number of collectors active / failing.
- Collectors that stopped sending data in the last hour.
- Errors and warnings distribution by collector.
- General activity and types of messages.
- Errors in credentials (401/403).
- Errors for API limit retries (429).
- Server errors (500, 501, 503).
Use this Activeboard to detect credential failures, server failures or problems in data flow. The Collector Alert Pack works in conjunction with this Activeboard to provide all the details.

Collector Alert Pack
Use this Alert Pack to monitor your collectors, detect credential failures (401/403) and any problem in data flow. It is recommended to complement this content with AB Collectors Error Control.
- SecOpsCollectorCredentials: Detects any credential problem (401 or 403 error) in any collector running in the domain, and also warnings that could indicate an error.

What does it look like?
(Screenshots of the Activeboard accompany the original post.)

Go check it out on Devo Exchange
- Devo Collector Monitoring Activeboard: direct links on Devo Exchange (US, CA, EU, APAC).
- Devo Collector Alert Pack: direct links on Devo Exchange (US, CA, EU, APAC).

Related products: Devo Exchange

Devo Platform 8.10.29

Hello everyone, the latest release of the Devo Platform is now live! Release 8.10.29 focuses on Activeboard improvements, from improved loading options to enhancements for your favorite tools. Among the updates in this release are the new "Load on Demand" options at the widget level and the Activeboard level, Scheduled Tasks that no longer require tokens to create a task, multiple enhancements to the Line/Area widget, a new Background processes tab for Usage Analytics, better error messages for Aggregation Tasks, and fixes to customer-reported bugs. Check out the full release notes here as well as links to relevant documentation.

Geo Availability
Region    Status
GovCloud  Released
CA        Released
US        Released
EU        Released
APAC      Released

Updated Features

New options for "Load on Demand" feature for Activeboards
Performance is key in Devo. With release 8.8.16 we released the "Load on Demand" feature for widgets. In this release we are expanding this feature by adding more data loading options, not just at the widget level but also at the Activeboard level.

Activeboard Level
These updates were created to reduce system resource load, reduce Activeboard loading times and give the user greater control over Activeboard/widget loading. Learn more about Load on Demand at the Activeboard level in our Docs. Learn more about Load on Demand at the widget level in our Docs.

Activeboard Line/Area widget: All points visibility
Enhancing the at-a-glance understanding of this widget, users now have the ability to choose to display all the Line/Area widget points.

Scheduled Tasks: No Tokens required!
In order to simplify the user experience, we have removed the authentication user token needed to create a Scheduled Task. This also means that the scheduled task email can now be sent to any email address. You will still need a token for the following tasks:
- Scheduled task CRUD operations need a user session token.
- Scheduled task execution will generate and use a new service token.

Usage Analytics new Background processes tab
The new Background processes tab gives the user the ability to monitor the running and failed background processes in the last 24 hours for the following entities:
- Alerts
- Injections
- Aggregation Tasks
- Query Lookups
Learn more in our Documentation.

Activeboards: Better error messages for Aggregation Tasks
Improved Aggregation Task error messages, providing more information about the specific error that has occurred so you can take the appropriate action.

Bug Fixes
- Fixed widget description in Export to PDF.
- Fixed Line/Area widget's Dash Style.
- Fixed Stacked Line/Area setting the stacked scale as percentage.
- Fixed Yearly periodicity display in Scheduled Tasks.

Check out the full Release Notes in our Documentation.

Related products: Devo Platform

Devo Platform release 8.10.28

Hello everyone, the latest release of the Devo Platform is now live! Release 8.10.28 focuses on Alert improvements and features, along with new API calls. Starting off with the Alert improvements: filters you apply to the Alerts page will automatically be added to the URL, so you can save repeat searches and jump directly into them. A new API delivery method was added in order to get the Sending Policies. Alert pagination has been improved; now your pagination tools stay on the page with you, giving you instant access to those controls. The Delete bulk action now has a double confirmation for peace of mind, and more! Read on!

Geo Availability
Region    Status
GovCloud  Released
CA        Released
US        Released
EU        Released
APAC      Released

New Features

New to the Alerts Delivery method API: Get Sending Policies
Available operations:
- GET all the policies defined in the domain.
- GET a specific policy in the domain, identified by its ID.
Learn more in our docs!

Alert Page URL Filters
Enabling you to save Alert pages with predefined filters: now when you choose your filtering from the Alerts page, the filter information will be added to the URL in the address bar. Saving the URL will allow you to jump directly to the pre-filtered results.

Updated Features

Delete Alert confirmation dialog
The confirmation dialog that appears after performing bulk actions has been improved with a loading indicator. This gives users visual confirmation that the action is actually in progress.

Improvements to Alert Pagination
To improve the review of a large group of alerts, pagination tools are now pinned in order to provide access to these tools as you go through the selected list.

Check out the full Release Notes in our Documentation.

Related products: Devo Platform

Devo Parser Catalog Update for July

The Devo Parser is one of the secret spices of our unique Hyperstream technology. Parsers organize the raw events stored in tags into separate columns and display them in the corresponding tables. This method completely bypasses data indexing and contributes to Devo's amazing search speeds. Every data source is unique, so we have a great catalog of existing parsers. Our teams review parser performance, build new parsers and update parsers on a regular basis. This article covers all the updated and new parsers available this month. If you require a new parser, please open a support ticket through the Support Portal. You can also visit the new Resources Portal, a single page for all your customer resources!

New Parsers (each links to its documentation)
- cnapp.orca
- firewall.sangfor
- network.riverbed

Updated Parsers (each links to its documentation)
- ips.all.alerts
- web.aws
- proxy.zscaler
- cdn.akamai
- network.meraki
- dns.windows
- edr.crowdstrike
- firewall.cisco
- dlp.code42
- network.hp
- cef0.paloAltoNetworks
- dhcp.microsoft
- edr.cisco
- firewall.all.traffic
- cef0.ibm
- ids.corelight
- box.win_nxlog

Related products: Devo Integrations

Devo Collector Catalog update for July

Every month, the Integrations team works on new and updated collectors for you, and I collect them all in this Catalog Update. This post contains new and updated collector information as well as links to their respective pages in our Documentation portal. Be advised that some pages in Documentation may not be available at the time of posting but will be added as soon as they are available. To request new collectors or an update to an existing collector, please open a support ticket through the Support Portal. You can also visit the new Resources Portal, a single page for all your customer resources!

New Collectors
- Lark Collector V1.0.0 (documentation in progress)
- Cato Collector V1.0.0 (documentation in progress)
- Google Workspace for BigQuery v1.0.0 (documentation in progress)

Updated Collectors (each links to its documentation unless noted)
- Cisco Amp v1.1.1
- Office365 Management API v2.2.0
- Snowflake V1.3.1
- AWS SQS v1.4.0
- Microsoft Defender for Endpoint (ATP) v1.3.0
- Workday v1.1.0
- Rapid7 InsightVM v1.6.0
- Google Cloud Platform (GCP) v1.7.0
- Qualys v2.2.0 (documentation in progress)

Related products: Devo Integrations

Devo Exchange Catalog Update

Devo Exchange regularly updates content and approves content submitted by the Devo team as well as customers to enhance the OOTB catalog offering to our entire user base. Yes, if you have a great Activeboard or vApp you can submit it to the Exchange team for verification and inclusion in the content catalog! In this catalog update you will find dozens of new OOTB alerts, Activeboards, lookups, synthetic data and use cases. You will also find updated content, from Activeboards to individual alerts. The new search functionality introduced in Exchange release 2.0 will find exactly what you need quickly!

New Additions

Alert packs:
- Remote System Discovery (MITRE T1018)
- Command and Scripting Interpreter (MITRE T1059)
- Software Deployment Tools (MITRE T1072)
- Data Staged (MITRE T1074)
- System Information Discovery (MITRE T1082)
- Exploit Public-Facing Application (MITRE T1190)
- Exploitation for Defense Evasion (MITRE T1211)
- Resource Hijacking (MITRE T1496)
- Non-Standard Port (MITRE T1571)
- Protocol Tunneling (MITRE T1572)
- Establish Accounts (MITRE T1585)
- Develop Capabilities (MITRE T1587)

Activeboards:
- AWS Security Lake
- Cloud Azure Audit
- Cloud Azure Sign in
- Collective Defense Overview
- Devo Alert Auditing
- Proofpoint email protection
- Web Analytics

Lookups:
- IANAPortAssignment
- AwsAuthorizedApiUsers

Synthetic data:
- Web Apache injection

Use case:
- Web Analytics AB

Updated Catalog Content

Alert packs:
- SIEM detection capabilities enhanced.
- Performance enhanced with improved filters.
- Threat detection accuracy improved.
- Multitenant enabled.

Applications:
Alert dependencies removed (alerts can now be installed only via Exchange alert packs), visuals improved, aggregation tasks created, and performance optimized.
- Devo 360 for Palo Alto → v1.1.1
- Devo 360 for Crowdstrike → v1.1.1
- Devo 360 for AWS → v1.1.1

Activeboards:
- Microsoft Active Directory → v1.1.0 → change source to box.all.win, fix keys in Voronoi, and change period to one day.
- Data Sources Insight → v1.0.1 → add default table before selection.
- Office365 Overview → v1.0.1 → fix SharePoint widget.
- Windows Activity Monitoring → v1.1.0 → fix neq functions and selectors.
- Office365 Active Directory → v1.0.2 → fix widgets.
- Office365 One Drive → v1.1 → fix user agent widget and reorder widgets.
- OKTA Service Overview → v1.1.0 → reorganize widgets, change e-commerce sources, and delete external dependencies.
- OKTA Authentication Activity → v1.1.0 → change deprecated geo functions (mm by mm2).
- Firewall Monitoring → v1.2.0 → change map, time periods, and deprecated geo functions.
- Devo Users Tracking → v1.1.1 → migrate to multitenant.

Content packs:
Modify MITRE Tactics to add the new techniques.
- TA0001 → T1190 added.
- TA0002 → T1059 and T1072 added.
- TA0005 → T1211 added.
- TA0007 → T1018 and T1082 added.
- TA0009 → T1074 added.
- TA0011 → T1571 and T1572 added.
- TA0040 → T1496 added.
- TA0042 → T1585 and T1587 added.

Related products: Devo Exchange

Devo Exchange 2.0

Welcome everyone to the grand unveiling of Devo Exchange 2.0! We have some massive updates to the Exchange marketplace, including a new section for Multitenant content, a completely revamped search engine that allows you to hunt for individual alerts, and a redesign of Alert packs to give you even more flexibility and visibility into a pack's contents. The road to version 2.0 brought with it tons of great improvements as well, including amazing performance improvements, enhanced access control and improvements to the amazing alert management tool, the MITRE ATT&CK Advisor!

Geo Availability
Region  Status
CA      Released
US      Released
EU      Released
APAC    Released

New Features

Search 2.0
This massive undertaking brings about a host of new features to help you find content quickly through the expanded marketplace. In detail:

Recent Searches
Recent Searches will contain the last 5 searches you performed, so you can find commonly used content quickly. You can also clear any of the individual search entries. Full match or partial match strings, the search will find anything.

Full Search with new Category Filters
You can now filter your search results by sources, tactics and techniques. Along with these filters, we have improved all parameters of the search engine as well as the order in which results are presented. The search filters are also additive; for example, if you wanted to find any alert packs with alerts that cover different tactics, you can add those tactics to the filters.

Search inside Packaged Content
In a past release we enabled the installation of any content individually within an Alert Pack. With Search 2.0 you can search for any alert inside alert packs by name or partial name. Searching for "O365" you can see all the alert packs that contain alerts with this string in the name. When you enter the pack, the search string will be highlighted and moved to the top. As you can see, priority and sources have been added as additional information inside pack content on Devo Exchange. This helps power the new search filters and adds new context for faster decision making!

Alert Pack Redesign
Alert packs now have Priority and Source information for each alert inside the pack, as seen above. We also have a new counter on the top right showing how many alerts in the Alert Pack you have installed.

Multi-Tenant Content
All OOTB content in Devo Exchange has been updated to be Multi-tenant capable. This includes all 119 Alert Packs, more than 500 Alerts! We are currently working on Activeboards and Applications to have this new capability. The User Tracking Activeboard joins the MITRE ATT&CK Advisor application in Multi-Tenant capabilities. If your domain is the parent domain of a Multi-Tenant structure you will see a new category filter on the Exchange homepage. Applications and Activeboards will have domain selectors for you to manage the information displayed.

Related products: Devo Exchange

Devo Collector Catalog Update for June

Every month, the Integrations team works on new and updated collectors for you, and I collect them all in this Catalog Update. This post contains new and updated collector information as well as links to their respective pages in our Documentation portal. Be advised that some pages in Documentation may not be available at the time of posting but will be added as soon as they are available. To request new collectors or an update to an existing collector, please open a support ticket through the Support Portal. You can also visit the new Resources Portal, a single page for all your customer resources!

New Collectors
- Qualys FIM v1.0.1 (documentation will be available soon)
- Google Workspace for BigQuery v1.0.0 (documentation will be available soon)

Updated Collectors (full documentation for each is in our Docs)
- Github v2.3.0
- CyberReason v1.4.0
- Proofpoint CASB v1.1.0
- Snowflake v1.2.0
- MimeCast v1.2.0
- CrowdStrike API Resources v1.7.0
- Cortex XDR v1.3.0
- SpyCloud v1.1.0
- Office365 Exchange Reports v0.4.1-beta
- Netskope API V2 v1.1.0
- Wiz v1.6.2
- AWS v1.10.0

Related products: Devo Integrations