
The Devo Exchange team is happy to introduce a release filled with features and content! Release 2.2 adds a new content type: Queries! This new content category is launching with 130 queries in 5 categories. We have also updated the content submission tool to accept queries. Synthetic data, an amazing tool for testing your defenses, has received a great new feature: Runtime settings! You can now set the Synthetic Data injection to run for a variable length of up to 30 days. Along with more great improvements, the team also delivered a huge collection of new content. Learn more below!

 

 

Geo Availability

Region Status
GovCloud Released
CA Released
US Released
US3 Released
EU Released
APAC Released

 

 


 

New Features

New Content Type: Queries

We have gathered around 130 queries and organized them into 5 categories for use as part of training and collaboration. You will find these query packs in their own category under All Content.

  • Math Built-in Operations
  • Event Day Built-in Operations
  • Geolocation Built-In Operations
  • Collector Ingestion Monitoring
  • Active Directory Threat Detection

Each of these category packs contains a collection of LINQ queries for use in learning or helping you understand and build new queries.

 

Updated Content Proposal Tool

You can now share your queries using the Content Proposal Tool. Not only will sharing demonstrate your mastery of LINQ, but you will also help others discover, innovate and share new creations.

As with all submissions, each query will go through a full evaluation before becoming available on Devo Exchange.

 

Synthetic Data Runtime Settings

Two major new improvements. First, we added a dialog to allow you to set the duration of the Synthetic Data injection, up to a maximum of 30 days.

 

 

Improvements

Copy Alert button in Alert Packs

With this new copy button, you can test alerts before installing them!

 

Improved Newest Sort

Sorting by Newest will now exclude updated content, focusing only on the newest released content.

 

New Content Available

10 Activeboards have been upgraded with Multitenancy support

You can now use the following Activeboards in multitenancy environments to get detailed insight into your managed environments.

  • Ingest Volume
  • Collector Monitoring
  • DataSource Monitoring
  • Active Directory
  • Relay Monitoring
  • Firewall Monitoring
  • Web Activity Monitoring
  • Windows System Audit
  • AWS Account Activity
  • DataSources Insight

New Activeboards

Cloud Gsuite Reports

Cloud Gsuite Reports direct Exchange Links

US Exchange | US3 Exchange | CA Exchange | EU Exchange | APAC Exchange

 

Ingestion Volume

Ingestion Volume direct Exchange Links

US Exchange | US3 Exchange | CA Exchange | EU Exchange | APAC Exchange

 

Zscaler Zia Proxy

Zscaler Zia Proxy direct Exchange Links

US Exchange | US3 Exchange | CA Exchange | EU Exchange | APAC Exchange

 

New Alert Packs

Three new alert packs are available:

VCS Github Audit

VCS Github Audit direct Exchange Links

US Exchange | US3 Exchange | CA Exchange | EU Exchange | APAC Exchange

 

Ping Identity MFA

Ping Identity MFA direct Exchange Links

US Exchange | US3 Exchange | CA Exchange | EU Exchange | APAC Exchange

 

Remote System Discovery

Remote System Discovery direct Exchange Links

US Exchange | US3 Exchange | CA Exchange | EU Exchange | APAC Exchange

 

New Synthetic Data and Use Cases

The Synthetic Data Pack

We have also added a content pack of Injections so you can quickly test a new client’s environment with a full breadth of synthetic data. With a single button, you can bring your environment to life with the following Synthetic data:

  • VPN Cisco ASA Injection
  • AWS Cloudtrail S3 Injection
  • VPN Pulse Secure Injection
  • CDN Akamai Cloudmonitor Injection
  • Palo Alto Traffic Injection
  • Windows Snare Injection
  • Injection for Windows Activity AB
  • Unix Events Injection
  • Auth Okta Systems Injection

New Synthetic Data and Use Cases

  • Okta Authentication Use case v1.0.0
  • Firewall Juniper SSG Injection v1.0.0
  • Auth Okta System Injection v1.0.0
  • Box Unix Events Injection v1.0.0
  • SentinelOne Av Events Injection v1.0.0
  • Auth DUO Authentication Injection v1.0.0
  • VPN Cisco ASA AnyConnect Injection v1.0.0
  • Cloud Gsuite Reports v1.0.0
  • Windows Snare Injection v1.0.0
  • VPN Pulse Secure Injection v1.0.0
  • CDN Akamai CloudMonitor Injection v1.0.0
  • Juniper SSG traffic Injection v1.0.0

 

 

 

 

 
