
The Devo Security Alerts team has published OOTB Alerts Release 36! This release delivers improvements to 577 Out-of-the-Box (OOTB) alerts, representing the entire OOTB alert catalog available to you from Devo Exchange. Release 36 focuses on three themes: optimized query performance, integration of device data, and restructuring of mm2 operations to use the new functions. These updates provide more precise, faster, and actionable alerting, improving your overall security posture. To access this content, Devo Exchange has added easy-to-navigate notifications when updates to your installed alerts are available. Changes included in this update:

  • Rewritten Lookups & Optimized Queries: All 577 OOTB alerts now feature re-engineered lookup operations and optimized query performance (filtering before grouping).
  • Integrated Device Data: Comprehensive device data is now included in all OOTB alerts, providing richer context for quicker and more effective investigation.
  • Refactored mm2 Operations: The mm2 operations have been restructured to use the new operations released by the development team.


Sample of updated alerts, by class

Authentication

SecOpsAuthPasswordSprayHost
SecOpsAuthPasswordSprayIp
SecOpsCDPossibleIocIpFoundInAuthData


AWS

SecOpsAWSCreateloginprofile
SecOpsAWSDetectStsAssumeRoleAbuse
SecOpsAWSDetectUsersCreatingKeysWithEncryptPolicyWithoutMFA


Azure

SecOpsAzureDevOpsAuditDisabled
SecOpsAzureDevOpsPATMisuse
SecOpsAzureDevOpsProjectVisibilityChanged


Google

SecOpsGCPGCPloitExploitationFrameworkActivity
SecOpsGCPGCSBucketEnumerated
SecOpsGCPGCSBucketModified


Office365

SecOpsActivityPerformedByTerminatedUserO365
SecOpsAdministrativeActivityFromNonCorporateIPO365
SecOpsAnomalousBehaviorDiscoveredUsersO365


Linux

SecOpsLinuxCommandExecutionWebUser
SecOpsLinuxCompressEncryptData
SecOpsLinuxCurlExecution


DNS

SecOpsLog4ShellVulnOverDomainsUnionTableConnectionsWithLookup
SecOpsPossibleDnsEncodingQuery
SecOpsREvilKaseyaDomainConnection


Firewall

network/firewall/SecOpsFWPortScanExternalSource
network/firewall/SecOpsFWPortScanInternalSource
network/firewall/SecOpsFWPortSweepInternalSource


Proxy

SecOpsLog4ShellVulnerabilityCloudAzure
SecOpsLog4ShellVulnerabilityOverProxyConnections
SecOpsMoveitPotentialNetworkActivityExploitation


EDR

SecOpsHAFNIUMHashFoundFileTargetingExchangeServers
SecOpsLog4ShellVulnerabilityOverCrowdStrike
SecOpsMoveitWindowsEvtxFileCreation


Windows

SecOpsDeletingMassAmountOfFiles
SecOpsEnumerationFor3rdPartyCredsFromCli
SecOpsFailLogOn
