Devo Exchange regularly updates content and approves content submitted by the Devo team as well as Customers to enhance the OOTB catalog offering to our entire user base.  Yes, if you have a great activeboard or vapp you can submit it to the Exchange team for verification and inclusion in the content catalog!  In this catalog update you will find dozens of new OOTB alerts, activeboards, lookups, synthetic data and use cases.  You will also find updated content from Activeboards to individual alerts. The new search functionality introduced in  Exchange release 2.0 will be able to find exactly what you need quickly!

Table of Contents

New Additions

Alert packs:

• Remote System Discovery (MITRE T1018)

• Command and Scripting Interpreter (MITRE T1059)

• Software Deployment Tools (MITRE T1072)

• Data Staged (MITRE T1074)

• System Information Discovery (MITRE T1082)

• Exploit Public-Facing Application (MITRE T1190)

• Exploitation for Defense Evasion (MITRE T1211)

• Resource_Hijacking_(MITRE T1496)

• Non-Standard Port (MITRE T1571)

• Protocol Tunneling (MITRE T1572)

• Establish Accounts (MITRE T1585)

• Develop Capabilities (MITRE T1587)

Activeboards:

• AWS Security Lake

• Cloud Azure Audit

• Cloud Azure Sign in

• Collective Defense Overview

• Devo Alert Auditing

• Proofpoint email protection

• Web Analytics

Lookups:

• IANAPortAssignment

• AwsAuthorizedApiUsers

Synthetic data:

• Web Apache injection

Use case:

• Web Analytics AB

Updated Catalog Content

Alert packs:

• SIEM detection capabilities enhanced.

• Performance enhanced with improved filters.

• Threat detection accuracy improved.

• Multitenant Enabled

Applications:

• Alert dependencies removed (now they can be installed only via Exchange alert packs), visuals improved, aggregation tasks created, and performance optimized.

• Devo 360 for Palo Alto → v1.1.1

• Devo 360 for Crowdstrike → v1.1.1

• Devo 360 for AWS → v1.1.1

Activeboards:

• Microsoft Active Directory → v1.1.0 → change source to box.all.win, fix keys in Voronoi, and change period to one day.

• Data Sources Insight → v1.0.1 → add default table before selection.

• Office365 Overview → v1.0.1 → fix Sharepoint widget.

• Windows Activity Monitoring → v1.1.0 → fix neq functions and selectors.

• Office365 Active Directory → v1.0.2 → fix widgets.

• Office365 One Drive → v1.1 → fix user agent widget and reorder widgets.

• OKTA Service Overview → v1.1.0 → reorganize widgets, change e-commerce sources, and delete external dependencies.

• OKTA Authentication Activity → v1.1.0 → change deprecated geo functions (mm by mm2).

• Firewall Monitoring → v1.2.0 → change map, time periods, and deprecated geo functions.

• Devo Users Tracking → v1.1.1 → migrate to multitenant.

Content packs:

• Modify Mitre Tactics to add the new techniques.

• TA0001 → T1190 added.

• TA0002 → T1059 and T1072 added.

• TA0005 → T1211 added.

• TA0007 → T1018 and T1082 added.

• TA0009 → T1074 added.

• TA0011 → T1571 and 1572 added.

• TA0040 → T1496 added.

• TA0042 → T1585 and T1587 added.