Devo Exchange: MITRE ATT&CK Adviser 1.8


The MITRE ATT&CK Adviser is your alert coverage command center, and this new release brings more capabilities for managing your alert coverage. This release is available now for all geos! New to this release is the ability to update alerts. We are always updating our alerts with the latest detections; you could already update them from Devo Exchange or Security Operations, and now you can update them from the Adviser as well. With this update you will also be able to compare the old and updated alerts. We have also added bulk actions that let you enable and disable groups of alerts. Managing your alert coverage has never been easier!

 

Geo Availability

Region | Status
CA     | Released
US     | Released
EU     | Released
APAC   | Released

 


New Features

Update Alerts in the Adviser

Alerts provided by Devo are constantly kept up to date with the latest MITRE ATT&CK versions, parser field changes, query operators, etc. These changes are pushed to Devo domains on a periodic basis to ensure that our customers are making use of the latest and greatest our platform has to offer in their detection stack. The ability to update alerts to these latest versions is already present in Devo Exchange and Security Operations, and with the latest release of MITRE ATT&CK Adviser, users will be able to update the alerts in their existing coverage from the Adviser as well.


Compare Alert Contents

We have provided a view of the differences between the old alert and the new alert, giving the user confidence about the changes the update will make to their Devo domain.


New Bulk Actions Added

The MITRE ATT&CK Adviser now includes additional bulk actions for alerts within the Alert coverage table. Today the application allows users to bulk install and uninstall alerts; with this release, users will be able to bulk enable and disable alerts as well, which controls whether those alerts trigger.

 

If you haven’t installed the MITRE ATT&CK Adviser, get it here for free:

 

Quick Link on Devo Exchange

US Exchange CA Exchange EU Exchange APAC Exchange