Devo ThreatLink, an integral part of Case Management, automates alert triage, reducing the analyst workload from thousands of alerts to tens of daily cases. This streamlined process allows security teams to focus on the most critical incidents, significantly improving efficiency and reducing alert fatigue. Release 1.4 brings with it new playbooks, updated error handling, and updates to the case template and Audit logging. If you want to learn more about ThreatLink, view this article. The benefits of ThreatLink need to be seen; if you would like to see a demonstration, speak with your Devo Representative!
New Features and Updates
New Playbook available
Introducing the “Close Linked SIEM Alerts on Case Closure” playbook. This playbook will run every [customer defined] minutes to “close” alerts in the SIEM once a case is closed.
Requirements
- ThreatLink 1.4 or greater
- Updated case setting template
Upgrade for Fetch Alerts
Fetch Alerts now uses the FetchAlertsV2 integration.
Updates to ThreatLink Case Template fields
We’ve added a new field called “siem_alerts_closed”. This field needs to be added to the system tab in the case template. We have also added a new field called “resolution_notes”. This needs to be added to the workflow section in the case template.
Updated SOAR Audit Logging
We’ve updated SOAR Audit Logging to version 1.7. The main changes in this update are:
- Added comments to the output
- Added case title to the output
Updated ThreatLink Dashboard: Past 7 Days
The Past 7 Days dashboard has been upgraded to v1.1.0