We're thrilled to announce the latest updates and additions to our alerting system with Release 23. This release brings enhancements to alert logic, and improved summaries, and introduces new alerts to bolster your security operations.
To access this new content, open the Security Operations app inside Devo and navigate to the Content Manager. Here, you can search for the detection name, update your existing detections or view all the new detection details and choose to deploy the new content.
Table of Contents
Improved Alerts:
-
SecOpsWinUserAddedToLocalSecurityEnabledGroup:
- Enhanced alert logic for detecting user additions to local security-enabled groups on Windows systems.
- Improved summary for better understanding and faster response.
-
SecOpsLinuxIrregularLoginSsh:
- Updated alert logic to identify irregular login activities via SSH on Linux systems.
- Refined summaries to provide clearer insights into potential security threats.
-
SecOpsO365AuthExcessiveFailedLoginsSingleSource:
- Updates to mmcity operation for Office 365 authentication alerts related to excessive failed logins from a single source.
- Streamlined summaries to facilitate quicker identification of suspicious activities.
-
SecOpsO365ImpossibleTravel:
- Revised alert logic for Office 365 impossible travel scenarios.
- Improved operation of mmcity for more accurate detection.
- Enhanced summaries to highlight impossible travel incidents effectively.
New Alerts:
-
SecOpsSlackPossibleSessionHijacking:
- Introducing a new alert to detect potential session hijacking in Slack environments.
- Monitors for suspicious activities indicating unauthorized access to Slack accounts.
- Provides detailed insights into possible session compromise for swift remediation.
-
SecOpsWinPowerSettings for MITRE Technique T1653:
- Brand new alert targeting MITRE technique T1653 focusing on Windows power settings manipulation.
- Alerts on suspicious changes to power settings indicative of potential adversary actions.
- Enables proactive defense against tactics aiming to manipulate power configurations for malicious purposes.
Stay vigilant with these upgraded alerts and leverage the new additions to strengthen your security posture. For further details, consult the documentation or reach out to our support team for assistance. Upgrade to Release 23 now and fortify your defenses against evolving threats.