Security teams rejoice! Devo Behavior Analytics 1.5.0 will be available this week, incorporating new features and enhancements created from your feedback!
Release Window: Wednesday November 15
Customer Impact: None
Notable Entity List
When a SOC analyst uses the Devo Behavior Analytics application and identifies an entity that looks suspicious but whose behavior does not warrant an investigation, the analyst wants to mark that entity to come back to later, without having to remember it or write it down somewhere else. Now, with the notable entity list within Devo Behavior Analytics, a user can add entities to and remove them from the notable list to track entities that need specific attention and to ensure there is no further malicious behavior.
New Alert Type
Risk-based alerting sets thresholds for alerts within the Devo Behavior Analytics application to alert on risk events for specific entities within an organization. Risk-based alerts can be created from the Content Manager or through data search by creating alerts on the entity.behavior.risk.events table.
Entity Risk Groups
Entity risk groups enable organizations to identify specific sets of entities and adjust their risk scores based on the organization's own context. Let's discuss an example to showcase this new feature:
Example Use Case for Entity Risk Groups
VIP Users Risk Group
VIP users are people who are very important to the organization, such as the C-suite, administrators, etc., and who have access to sensitive information or many different systems. If these users were compromised or engaged in risky behavior, it is imperative to look into them sooner rather than later. As a result, it is important to add risk multipliers to these users so that they bubble up to the top of the risk curve within Devo Behavior Analytics.