Devo is happy to announce the latest update to Devo Behavior Analytics. This update adds two new features, Alert White Listing and Risk-Based Alerting, along with a selection of bug fixes to improve your experience.
Release Information
Release Window: Tuesday, January 2
Customer Impact: None
Geo Availability
Region | Status |
---|---|
CA | Released |
US | Released |
EU | Released |
APAC | Released |
New Features
Alert White Listing
Alert Whitelisting enables customers to attach Devo’s standard OOTB whitelisting capabilities to the alerts created as part of the behavior alert definition configuration.
The Whitelist combines the SecOpsAssetRole and SecOpsGWL lookups available from Devo Exchange (see the links below). These lookups are used with the Behavior Alert Definition and the underlying model to identify the entities involved in the detection and check that they are not within the allowlist. If an entity is in the allowlist, the alert will not fire for that particular entity.
Devo Exchange Quick link: SecOpsAssetRole
US Exchange | CA Exchange | EU Exchange | APAC Exchange |
Devo Exchange Quick link: SecOpsGWL
US Exchange | CA Exchange | EU Exchange | APAC Exchange |
Risk-Based Alerting
Risk-based alerting sets thresholds for alerts within the Devo Behavior Analytics application to alert on risk events for specific entities within an organization. Risk-based alerts can be created from the Content Manager or through data search by creating alerts on the entity.behavior.risk.events table.
Learn more about this feature in this use case.