Product Updates

Latest in new Collectors and Updated Collectors!  Make sure to schedule time with Devo Support to get those upgrades started!  Table of ContentsNew collectors: IBM Cloud VPC Flow Logs v1.0. Trellix Helix v1.0.0 IBM Cloud Activity Tracker v1.0.0 Fastly Next-Gen WAF v1.0.0b2 Microsoft Defender for IoT Collector v1.0.0 IBM Cloud Softlayer v1.0.0 LastPass v1.0.0 Collector updates  Cylance Collector v1.2.0 Github Collector v2.2.0 Wiz Collector v1.4.0 AWS collector v1.7.0 Salesforce v1.7.0  New collectors:IBM Cloud VPC Flow Logs v1.0.DocumentationTrellix Helix v1.0.0DocumentationIBM Cloud Activity Tracker v1.0.0DocumentationFastly Next-Gen WAF v1.0.0b2Documentation is coming soon.Microsoft Defender for IoT Collector v1.0.0DocumentationIBM Cloud Softlayer v1.0.0DocumentationLastPass v1.0.0Documentation Collector updates Cylance Collector v1.2.0DocumentationGithub Collector v2.2.0DocumentationWiz Collector v1.4.0DocumentationAWS collector v1.7.0DocumentationSalesforce v1.7.0Documentation

The essential Alert coverage management tool, the MITRE ATT&CK Adviser, has been upgraded with new tools, customization options, and filters for all your needs.Geo ReleaseRegion Status CA Released US Released EU Released APAC Released  Table of ContentNew Features Customize your Coverage Calculation Full Alert Context included Application Version Display New Alert Coverage Export [CSV] Improved filtering across all matrix types Easier installation of Alerts in Bulk Multi filter Selectors  New FeaturesCustomize your Coverage CalculationYou can now customize what techniques, logsources and alerts are taken into account for your coverage calculation!   Full Alert Context includedAll alerts now have full Alert descriptions and resources in the Alerts Coverage Table.Application Version DisplayEasily accessible, in app, version control including Framework version and release date. New Alert Coverage Export [CSV]Export your MITRE ATT&CK Alert coverage as a CSV file! Improved filtering across all matrix typesFind your familiar and powerful Alert Filters in all tabs! Easier installation of Alerts in BulkInstall all your custom Alerts easier and all at once with more Bulk Alert upload support. Detailed process is described in this Knowledge Base Article. Multi filter Selectors Some filters like LogSource now support multiple item filters!   Better selection for each of your use cases. See the full documentation on the MITRE ATT&CK Adviser here. 

Cyber attacks continue to increase in complexity and frequency. Talent shortage, excessive amounts of data, and the need for verified threat intelligence prevent security teams from rapidly identifying and responding to emerging threats.Collective Defense shares high-value insights and threat intelligence with Devo customers.  Devo Collective Defense is an intelligence program that leverages knowledge of threat activity and shares trends across the Devo user ecosystem. A feature of the Devo Platform, Collective Defense mines alert data and identifies insights, trends, and Indicators of Compromise (IOCs). These insights are then made available to Devo customers via real-time alert aggregations, investigations, and contained threats. Collective Defense: Analyzes customer data securely to find valuable insight, trending threats, and IOCs. Provides insights by aggregating alerts, investigations, and contained threats. Delivers a high-value, real-time feed containing insights to customers. Drives further threat research based on customer results. How does Collective Defense work?  Collective Defense:Provides early warnings on emerging threats through threat hunting analysts derived from Devo customer threat activity and trends. Accelerates investigations by providing validated and enriched threat intel to all participating Devo customers. Offers a unique advantage for Devo customers by leveraging Devo’s massive ingestion ability to scale and analyze millions of alerts across hundreds of domains. This data diversity provides a more comprehensive view of the threat landscape, and provides security teams with collective knowledge and insights, augmenting their expertise. What information does Collective Defense make available?Take a look: How can I leverage the information Collective Defense collects?You can leverage Collective Defense insights by enriching your alerts. Adding Collective Defense to your alerts is easy.  Search the IP address of the threat you are investigating and see if others have tagged it. For example, add this line to your alert:select ‘lu/CollectiveDefense’ (entity_sourceIP) as collective_defense Does Collective Defense benefit Security Operations?Yes!  The alert benefits are also included in the SecOps application. There is no need to copy/paste and pivot between websites and tabs. This eliminates manual work while providing high-value insights quickly. Is my data secure?Devo Collective Defense aggregates alert information only. No sensitive data is ever collected, stored, or shared with others. How Can I learn more about Collective Defense? Contact your CSM to learn more about Collective Defense! Available to all Devo customers, this is a great new feature to take advantage of within Devo.

 Security teams rejoice! Devo Behavior Analytics 1.5.0 will be available this week, incorporating new features and enhancements created from your feedback! Release InformationRelease Window: Wednesday November 15Customer Impact: None Geo AvailabilityRegion Status CA Released US Released EU Released APAC Released  Table of ContentsNew Features Notable Entity List Entity Risk Groups  New FeaturesNotable Entity ListWhen a SOC Analyst comes to the Devo Behavior Analytics application and identifies an entity that looks suspicious but whose behavior is not worth an investigation, the Analyst would like to mark that entity to come back to later on and not have to remember the entity or write it down somewhere else.   Now, with the notable entity list within Devo Behavior Analytics, a user can add and remove entities from the notable list to track entities that need specific attention to ensure no further malicious behavior.  Learn more about this feature in this use case. Entity Risk GroupsEntity risk groups enables organizations identity specific sets of entities and adjust their risk score based on their own organizations context.  Let's discuss an example to showcase this new feature:Example Usecase for Entity Risk GroupsVIP Users Risk GroupVIP Users are users that are very important people to the organization such as the C-suite, administrators, etc. that have access to sensitive information or many different systems.  If these users were compromised or conducting risky behavior it is imperative to look into them sooner rather than later.  As a result, it is important to add risk multipliers to these users such that they bubble up to the top of the risk curve within Devo Behavior Analytics  Learn more about this feature in this use case. 

Devo Platform release 8.5.0 contains improvements to Lookups, Flow, and continued engine improvements in preparation more feature releases.Deployment InformationRelease scheduled for 11 AM CETDuration: 2 hoursCustomer Impact: None Release by GeoRegion Status GovCloud Released CA Released US Released EU Released APAC Released  Table of ContentsNew Features Persistent Error Feedback for LookUps Improved performance and responsiveness of Home Page Flow Smart Editor Flow New Unit: GameOver Vulnerabilities fixed: New FeaturesPersistent Error Feedback for LookUpsLookups displaying a Creating/Deleting/Updating status where the associatedthe operation has failed, will display an error status icon (bluebell), when you click on it, a dialog window with the corresponding error will be displayed.In the case or several errors occurring during the operation, only the last one will be displayed. Improved performance and responsiveness of Home PageNew robust backend cache system implemented to retrieve and enhance home page widget data usage.The Cache is refreshed either Manually(with browser refresh button) or Automatically (every hour). Flow Smart EditorIntegrate smart editor for query fields with syntax highlights and auto-completion for LINQ Language.Flow New Unit: GameOverThis new unit will allow a context to stop/delete itself when its task is done. This new module will be available in the PROC group. It’s components are:Ports: Stop: when an event is recieved on this port the context where the unit is used will be stopped. Delete: when an event is recieved on this port the context where the unit is used willb e deleted.  Vulnerabilities fixed:CVE-2023-2976 CVE-2023-34462 CVE-2023-2976 CVE-2023-3635 GHSA-58qw-p7qm-5rvh CVE-2023-20863 

Like a famed Spartan, Devo Soar update 117 is a capable contender!  Lets take a look! Region Status CA Released US Released EU Released APAC Released   Table of ContentsNew Features Automation Enhancements Bug Fixes  New FeaturesAutomationIntroduction of a new integration: FireEye Helix FireEye Helix is a security operations platform that simplifies delivering advanced security to any organization. It surfaces unseen threats and empowers expert decisions with frontline intelligence to take back control of your defenses and capture the untapped potential of your security investments.  EnhancementsJSON value is shown in the minimized format in the Stream batch details page. Added support of command click in a new tab in the listing pages. The user is able to open the playbook in the easy mode with a version in the query param. Microsoft Graph integration has added 21 new actions. Intezer integration has added 6 new actions: Analyze a URL, Get URL analysis result, Get quota usage, Get Family Artifacts, Get An Artifacts By Family Report and Get Code Reuse Exchange (Quarantine Messages) integration has upgraded the ExchangeOnlineManagement library to 3.1.0 In Devo integration added Response type optional input field in Run Query action Bug Fixeslhub_ts column value showing in epoch instead of the date-time format in the Stream batch details page. We have fixed this now.

The Integrations team has released a selection of new collectors and updates to existing ones documented below! Speak with your CSM if you need a New Collector or an Update to an existing collector! Table of ContentsNew Collectors Dynatrace v1.0.0b1 AWS Collector v1.6.0 Radware CWAF v1.0.0b1 Trellix ePO v1.0.0B2 Cisco Umbrella v1.0.0b1 Tenable IO v1.3.0 Updated Collectors ServiceNow v1.3.0 Proofpoint Isolation Collector v1.1.1 Rapid 7 IntSights Collector v2.2.0 Microsoft Azure Collector v1.7.1 Microsoft Defender Cloud Apps Collector v1.1.2 Microsoft Graph v1.7.1 New CollectorsDynatrace v1.0.0b1Doc Page to be updated as soon as it is liveAWS Collector v1.6.0View the DocumentationRadware CWAF v1.0.0b1Doc Page to be updated as soon as it is liveTrellix ePO v1.0.0B2View the DocumentationCisco Umbrella v1.0.0b1View the DocumentationTenable IO v1.3.0View the Documentation Updated CollectorsServiceNow v1.3.0View detailed page in Docs.Proofpoint Isolation Collector v1.1.1View detailed page in Docs.Rapid 7 IntSights Collector v2.2.0View detailed page in Docs.Microsoft Azure Collector v1.7.1View detailed page in Docs.Microsoft Defender Cloud Apps Collector v1.1.2View detailed page in Docs.Microsoft Graph v1.7.1View detailed page in Docs.

 Devo is happy to present the latest updates to the Devo Platform.   Release 8.4.0 brings some great improvements, bug fixes and many under the hood improvements! GeoReleaseRegion Status GovCloud Released CA Released US Released EU Released APAC Released  Table of ContentsImprovements Improved field grouping for User and Domain Preferences Custom Table improvements MSSP Demo data access improvement Bug Fixes ImprovementsImproved field grouping for User and Domain PreferencesAll preferences are now clearly nested in the UI for clarity and ease of use. Custom Table improvementsraw/rawMessage fields are now optionally accessible.  When creating a new custom table and in order to better control the access of confidential information, you now have the option to toggle on/off the inclusion of raw/rawMessage fields. MSSP Demo data access improvementIn order to avoid access issues using demo.ecommerce.data table, Demo tables have been disabled in root domains.  They are still available in all multitenant to domains.  This option is controlled through the new preference “Hide demo tables in finder under User and Domain preferences.Bug Fixes When editing a Lookup with a column name that included dots ("."), the values of that column were not displayed. Role mapping with SAML2 or OpenId authentication login wouldn’t allow for user roles to be modified. A SAML2 drop-down in domain preferences would lose its selected value when the page was refreshed. This release also included under-the-hood improvements in preparation of the next release!  View the release in Docs!

 Devo SOAR update brings you new integrations, enhancements and bug fixes to increase your SOAR functionality.    In this update OpsGenie and Intezer integrations are introduced as well as enhancements to RecordedFuture integration and more!Table of Contents:New Features OpsGenie integration Intezer integration Enhancements Bug Fixes New FeaturesOpsGenie integrationThe OpsGenie ensures you will never miss a critical alert. With deep integrations into monitoring, ticketing, and chat tools, Opsgenie groups alerts, filters out the noise, and notifies you using multiple channels, providing the necessary information for your team to begin resolution immediately.Intezer integrationIntezer is a platform built to analyze and investigate every alert like an experienced security analyst and reverse engineer. EnhancementsAdded support to unlock anyone's account from UI. In Recorded Future integration, add pagination support in Search Credentials Data action. DNS added a new action whois (hostname). Add support for search functionality in Easy mode. Bug FixesIntermittently showing an extra border on each section when opening the case report page. We have fixed this now. Render Template action in Utilities integration is breaking when no input is given in Render Number. We have fixed this now. When searching Playbook Event Type in easy mode is not showing. We have fixed this now. The playbook usage count is always shown as 0 in the Usage Limits section. We have fixed this now.

Devo’s latest Platform update brings better communication when creating LookUps and multitab session management improvements. Release InformationDelivered October 3 Time: 9:00 am UTC (11:00 am ET) Duration: 1h Impact: No impact on services Region Status CA Released US Released EU Released APAC Released  Table of ContentsUser interaction improvements Lookup Validations Introducing Web Session Control for Multi-Tab sessions Enhancements Improved Finder loading speed Bug Fixes Autoparser Tokens Relay   User interaction improvementsLookup ValidationsWe’ve implemented a more specific set of error messages to provide clear information of problems before creating lookups.  This will help provide immediate feedback before clicking the create button with detailed information about the cause and solution.  We also enhanced the validation rules to provide proactive prevention of potential issues.Introducing Web Session Control for Multi-Tab sessionsNew management of web sessions when disconnection occurs by timeout or change domain. An informational modal window is generated to inform of the tab session closure.When this occurs in the middle of a task, the user can remove the modal and copy any unsaved work before releasing the tab.  EnhancementsImproved Finder loading speedWe’ve enabled a cache for the FInder to speed up repeat access.  When necessary, use the refresh button to bypass the cache.  This will enhance the workflow when reopening tables already created. Bug FixesAutoparserEnhanced autoparser recognition of values encased in quotation marks. Fixes the problem with boolean values in quotes, you can then use LINQ syntax to convert the field into a boolean field.TokensVery rare case where token description field would be blank has been corrected. When creating a token in “Credentials” you can now interact with the Month and Year values.RelayFixed compression configuration so it is now fully editable.  

Whatever the problem, Devo SOAR has the answer.  Here is the latest update release notes. Table of ContentsNew in Automation Introducing the latest Devo Soar integration: Absolute Enhancements Devo Connection Devo Integration Microsoft Graph Cybereason Microsoft Defender for Endpoint Bug FixesNew in AutomationIntroducing the latest Devo Soar integration: AbsoluteThe Absolute® Platform leverages a cloud-based, highly-available, and secure multi-tenant architecture across different regions. It’s comprised of various foundational components that power Absolute product features and are being leveraged by the company’s enterprise customers and ecosystem partners alike. EnhancementsDevo ConnectionImproved the process of adding a Devo Connection.Devo IntegrationAdded 1 new action for Devo IntegrationSend a single eventMicrosoft GraphAdded 12 new actions for Microsoft Graph based on passwordMethod, PhoneAuth and Authenticator.CybereasonAdded 2 new actions for Cybereason integration: Get custom reputation Get remediation statusMicrosoft Defender for EndpointDeprecated Submit Indicator action for Microsoft Defender for Endpoint integration and added a new action with added JSON request body field. Bug FixesCredentials stored in Web API integration connection reference values are displayed in errors. We have fixed this now. If someone uploads a CSV which has a missing label row, and they try to create a pie chart, the page breaks. We have fixed this now.

In this release, we have improved the performance of the Triage page when the tags are loaded, deleted Dynamic Lookups from Content Manager, addressed SecOps bugs, and remediated security vulnerabilities. Increase the performance of the Triage pageThe performance of the Triage page is improved when the tags associated with the triggered alerts are loaded. Delete Dynamic Lookups from Content ManagerDynamic Lookups are deleted from the Content Manager because Dynamic Lookups are deprecated. Bug fixesWhen NASS or Autoregister is not working, the API can be deployed. Access to Content Manager correctly works despite an alert is not correctly configured. Entities Map is displayed even when no data are available. When the amount of installable alerts is greater than 1000, it will show all alerts.     Security UpdateMultiple security updates to address potential security risks.

The Devo Exchange team produces a large collection of useful and customer-requested Activeboards, Use Cases, and MITRE Alerts to help you speed up your workflow.  Here are the new additions for September.Table of ContentsNew Activeboards Azure Cloud Sign In AWS Security Lake Web Analytics Office 365 Exchange Office 365 SharePoint Office 365 OneDrive New MITRE Alert Content Packs Remote Access Software Remote Service Session Hijacking Rogue Domain Controller Server Software Component Service Stop Stage Capabilities New Use Case CrowdStrike Detections AB Use case New Synthetic Data Office 365 Management Injection Crowdstrike Injection  New ActiveboardsVisualize your data with style, these Activeboards are great as is or as a starting point for your own Activeboard!Azure Cloud Sign InOpen in  Devo Exchange.AWS Security LakeOpen in  Devo Exchange.Web AnalyticsOpen in  Devo Exchange.Office 365 ExchangeOpen in  Devo Exchange.Office 365 SharePointOpen in  Devo Exchange.Office 365 OneDriveOpen in  Devo Exchange. New MITRE Alert Content PacksImpressively the grand total of MITRE Alerts available on Devo Exchange is now 450!Remote Access SoftwareOpen in Devo Exchange.Remote Service Session HijackingOpen in Devo Exchange.Rogue Domain ControllerOpen in Devo Exchange.Server Software ComponentOpen in Devo Exchange.Service StopOpen in Devo Exchange.Stage CapabilitiesOpen in Devo Exchange. New Use CaseCrowdStrike Detections AB Use caseThis use case allows you to visualize "CrowdStrike Detections Navigator" Activeboard using synthetic sample data.Open in Devo Exchange. New Synthetic DataSynthetic data allows you to simulate data from a source in order to test a companion Activeboard or your own Activeboards.  The data stream can be turned off in Devo Exchange.Office 365 Management InjectionOpen in Devo Exchange.Crowdstrike InjectionOpen in Devo Exchange.

The Integrations team has released a selection of new collectors and updates to existing ones documented below! Speak with your CSM if you need a New Collector or an Update to an existing collector! Table of ContentsNew Collectors Microsoft Defender for IoT Collector v1.0.0b1 Bitwarden Collector v1.0.0b1 MS Graph v1.7.0b1 (new data sources added)  Cyble Vision Collector v1.0.0  Mandiant Advantage Collector v1.0.0b1 IBM Cloud VPC Flow v1.0.0b1 IBM Cloud Softlayer v1.0.0b1  IBM Cloud Activity Tracker v1.0.0b1 Updated Collectors Github collector v2.1.0  AWS collector v1.5.0  SentinelOne collector v1.4.0  Recorded Future v1.3.0  Cybereason v1.2.0  OneTrust v1.2.0  AlienVault OTX v1.1.0  Wiz Cloud Security v1.2.0  Cylance v1.1.0  Agari Phishing Defense v1.2.0  JumpCloud v1.1.0  Microsoft Azure Collector v1.7.0  Okta Resources Collector v1.8.0 (new functionality) Microsoft Defender Cloud Apps Collector v1.1.0  Microsoft O365 Message Tracing Collector v2.2.0  Rapid7 InsightVM v1.4.0  Infocyte Collector v1.3.0   New CollectorsMicrosoft Defender for IoT Collector v1.0.0b1Link to Documentation PageBitwarden Collector v1.0.0b1Doc Page in progress.MS Graph v1.7.0b1 (new data sources added) View information in our Documentation.Cyble Vision Collector v1.0.0 View information in our Documentation.Mandiant Advantage Collector v1.0.0b1View information in our DocumentationIBM Cloud VPC Flow v1.0.0b1View information in our DocumentationIBM Cloud Softlayer v1.0.0b1 View information in our DocumentationIBM Cloud Activity Tracker v1.0.0b1View information in our Documentation Updated CollectorsGithub collector v2.1.0 View information in our Documentation.AWS collector v1.5.0 View information in our Documentation.SentinelOne collector v1.4.0 View information in our Documentation.Recorded Future v1.3.0 View information in our Documentation.Cybereason v1.2.0 Doc Page in progress.OneTrust v1.2.0 View information in our Documentation.AlienVault OTX v1.1.0 View information in our Documentation.Wiz Cloud Security v1.2.0 View information in our Documentation.Cylance v1.1.0 View information in our Documentation.Agari Phishing Defense v1.2.0 View information in our Documentation.JumpCloud v1.1.0 View information in our Documentation.Microsoft Azure Collector v1.7.0 View information in our Documentation.Okta Resources Collector v1.8.0 (new functionality)View information in our Documentation.Microsoft Defender Cloud Apps Collector v1.1.0 View information in our Documentation.Microsoft O365 Message Tracing Collector v2.2.0 View information in our Documentation.Rapid7 InsightVM v1.4.0 View information in our Documentation.Infocyte Collector v1.3.0 View information in our Documentation. 

Devo Exchange team is happy to bring you the latest update for the MITRE ATT&CK Adviser.  This release brings critical functionality to the MITRE ATT&CK Adviser, allowing the management of multitenant domains. Administrators have a full view of the alert coverage information of each child domain in their portfolio.Release InformationReleased in all Geos.Table of ContentsNew Features Tenant Filter MSSP Support Enhancements New “No Alerts Fired” New notification for missing injections  New FeaturesTenant FilterThis new filter allows MSSP’s to quickly switch between clients.MSSP SupportMSSPs can view the client domain alert coverage they are currently logged in to and get critical insights into the alert landscape for their clients.EnhancementsNew “No Alerts Fired”When the time period selected results in no alerts fired, a new message notification is displayed, guiding you to select a new time period. New notification for missing injectionsThis new notification will inform the user if a log source for an installed alert does not have a log source injection. View the App in Devo Exchange!

A correlation engine with perks!  The new Devo Flow comes packed with new features! Release InformationTime Window: Tuesday September 19, 9:00 AM UTCDuration: 2 HoursImpact: NONE Geo AvailabilityRegion Status GovCloud Released CA Released US Released EU Released APAC Released  Table of ContentsNew Features New Visualization of Publish template results New Functionality for HTTPCall module Enabled Batch Processing of DevoSource module New Actions: Stop & Unload  New FeaturesNew Visualization of Publish template resultsNew look to published template results!  A new window will open with the instances name and the results of the publish.  If there are errors, a new dropdown is available with all the information.New Functionality for HTTPCall moduleTwo new fields are available:Max RetriesYou can enter the number of retries when the response status code is outside the success range of 200-299.  However if you do not want to perform retries, just set the value to 0.Delay between RetriesIf you do define the maximum number of retries, a new field will become available that will allow you to configure the delay between replies in seconds. Enabled Batch Processing of DevoSource moduleYou can now toggle ON to request the stalls and results.  This is possible only once the specified time grouping period has elapsed.  This period defaults to 1 minute if the grouping period is not specified.New Actions: Stop & UnloadWe’ve merged the action of Stop & Unload, now when you click/call the stop action, the context will be unloaded from the server.  As a consequence, the Unload button has been removed from the UI.

The Integrations team has released a selection of new collectors and updates to existing ones documented below!  Documentation pages for these collectors are being updated now.Table Of ContentsNew Collectors Trend Micro Email Security Collector v1.0.0 Workday Collector v1.0.0 Thinkst Canary Collector v1.0.0 Lastpass Collector v1.0.0 Collectors Updates Crowdstrike API Resource Collector v1.4.3b2 Office 365 Exchange Message Tracing v2.1.1 Salesforce Collector v1.6.0 Sophos Central Collector v1.2.0 Trend Micro Vision One Collector v1.1.0 Google Cloud Platform v1.4.0 Gsuite Google Workspace Report v1.8.0 Onelogin Collector v1.2.0 Cisco Meraki Collector v1.4.0 New CollectorsTrend Micro Email Security Collector v1.0.0Trend Micro Email Security screens out malicious senders and analyzes content to filter out spam. It examines sender authenticity and reputation and defends against malicious URLs.Learn more about this collector.Workday Collector v1.0.0Workday is a service that automates the sourcing, aggregation, normalization, and data management of security data across your organization into a security data lake stored in your account.Learn more about this collector.Thinkst Canary Collector v1.0.0Thinkst Canary detects security breaches. Users can order, configure, and deploy their Canary Tokens throughout their network.Learn more about this collector.Lastpass Collector v1.0.0Learn more about this collector. Collectors UpdatesCrowdstrike API Resource Collector v1.4.3b2Link to the Documentation pageOffice 365 Exchange Message Tracing v2.1.1Link to the Documentation page.Salesforce Collector v1.6.0Link to the Documentation page.Sophos Central Collector v1.2.0Link to the Documentation page.Trend Micro Vision One Collector v1.1.0Link to the Documentation page.Google Cloud Platform v1.4.0Link to the Documentation page.Gsuite Google Workspace Report v1.8.0Link to the Documentation page.Onelogin Collector v1.2.0Link to the Documentation page.Cisco Meraki Collector v1.4.0Link to the Documentation page.  

Devo Relay 2.5.0 brings updates to Transport Layer Security support, bug fixes, and vulnerability patches!Release informationTime Window:  Tuesday, September 5, 9:00 AM UTCDuration: 1 HourImpact: NONE Table of ContentsSupport for TLS v1.3 Cleaned up Startup Error messages Recovery of Relay service Improved Vulnerability Fixes Support for TLS v1.3With this update, the default send method will be TSL v1.3 instead of TSL v1.2.  As all ELBs already support TLS v1.3, with this change, end-to-end connection can be supported in TLS 1.3. Cleaned up Startup Error messagesConfusing errors on start-up have been cleared up and removed! Recovery of Relay service ImprovedImproved Relay status updating after an abrupt stop.  Killing Relay service with SIGKILL is now handled correctly Vulnerability Fixesguava (CVE-2023-2976) spring-core (CVE-2023-20861, CVE-2023-20863)

 Devo is happy to make available the latest release of the Devo Platform.  This update brings a selection of improvements and bug fixes sourced by our customers!Release InformationTime Window: Thursday August 31, 9:00 AM UTCDuration: 2 HoursImpact: NONE Geo Availability <Region Status CA Released US Released EU Released APACReleased  Table of ContentsNew Features New Data Search Events marked on arrival  Alert Subscription Enhancement Improvements Aggregation Task calendar migrated to Data Search time picker Improved Data Search Copy command Increased Home Widget Accuracy Enhanced LookUp Errors Better handling of large synthesis operations Bug Fixes New FeaturesNew Data Search Events marked on arrivalNew highlights added to new events on both Table View and List view in Data Search. Alert Subscription EnhancementThe user’s email is now displayed on the Alert Subscription page instead of the Username.  This conforms with the consistent behavior through other pages in Devo ensuring an expected experience.  ImprovementsAggregation Task calendar migrated to Data Search time pickerImproved Data Search Copy commandImproved UX with the contextual menu “Copy” reducing the number of mouse clicks required to reach the command. Increased Home Widget AccuracyUnits are now accurately displayed between the volume widget and the shown metric. Both now display the superior binary ingestion size (TiB, GiB, MiB, KiB) over the previously used decimal (TB, GB, MB, KB) representation.  This change ensures clear and correct data visualization for ingestion within your domain. The Event Volume chart on the Home Page is now more accurate due to this change.  The data continues to be accurate, and now the average and limit lines will match the data exactly. Enhanced LookUp ErrorsThe team has made huge efforts to create more detailed error outputs to better diagnose and troubleshoot Lookup issues.   In addition to this, errors are now available in multiple languages, including Catalan!Our goal here is to continuously improve the LookUp experience! Better handling of large synthesis operationsWe’ve increased the size of POST and DELETE requests to accommodate larger synthesis operations.  We also added new error messages with details to help diagnose problems with large synthesis operations.  Bug FixesImprove Autoparser handling of INTEGER types. Improve Aggregation task calendar Fixed an issue with relative dates when using search history Improved ip4 operation handling 

I have created a LINQ Operator Discovery Resource for all Devo users to learn about what operators are available to use for your Data Search Queries.I created two custom pages to contain all this wonderfulness. This resource will let you quickly filter and search for the right operator to fit your needs.  Members of Devo Connect only. The full list of operators and code examples.  I also have it in PDF format attached. Please leave a comment and let me know what you think!To my LINQ Bible group,  thank you for all your help, here is the results! PDF LINKPing me here if you need me to send it to you!

This is a small update containing Vulnerability fixes and a bug resolution.  The team continues to work on new features, stay tuned! Geo AvailabilityRegion Status CA Released US Released EU Released APAC Released  Table of ContentsBug fix  Vulnerability fixesBug fix Resolved issue that occurred when Alerts were updated by API, uploaded successfully but when viewed individually triggered the error “Oops, something went wrong”.Vulnerability fixesIdentified vulnerabilities were remediated. 

Devo is happy to deliver this new version of the Platform.  Containing new features and improvements to Activeboards. Geo AvailabilityRegion Status CA Released US Released EU Released APAC Released  Table of ContentsNew Features New Activeboard Widget - Calendar Heatmap Improvements Improved Widget - MakersMap New look and usability improvements for Charts Improvements to Export to PDF  New FeaturesNew Activeboard Widget - Calendar HeatmapThe new Calendar Heatmaps represent time-series numerical data through a conventional calendar where each day is shaded on a light to dark gradient based on the sum of the values of the said numerical variable along the day. ImprovementsImproved Widget - MakersMapMakerMap is now using the new Google maps library “@googlemaps/marketclusterer”.  This new library  brings the following improvements:More accurate location icons:  Correct icon placement at all zoom levels. New grouping location functionality: New Design Proportional icon size to the number of locations it represents More than 5 colors possible! A themed color palette is implemented. When several icons overlap, the biggest one is displayed at the foreground. New look and usability improvements for ChartsCharts receive new colors, and legends are now delimited with a background light gray area. Improvements to Export to PDFCleaned up header duplication Improvements to layout

New SOAR release includes new functionality, vulnerability and bug fixes! Geo AvailabilityRegion Status CA Released US Released EU Released APAC Released  Table of ContentsNew features New Actions for Sailpoint New to Zendesk Integration Improvements Bug Fixes New featuresNew Actions for SailpointSailpoint Integration has added 6 new actions:Search List Accounts Delete Account Get Account Activity List Account Activities Get AccountNew to Zendesk IntegrationAdded token-based authentication at the connection level. ImprovementsDestination: Added retries and visibility of the result of forwarding.Improved performance of loading detection under My UseCases section.Disabled Query section when we run/update SQL node.Changed from Python2 to Python3 for vulnerability fix in the following integrations:GRR Nmap UtilitiesCode vulnerability fix by removing the usage of the static jar from:JDBC Microsft SQL ServerBug FixesIf a user’s password expires (per system security settings), or if an admin resets a user’s password and gives them a temporary password, that password can still be used for whatever the user wants in scripting without authorization being denied. We have fixed this now. Update Case/ Create Case action failing for field( type single select) update with an invalid value of integration Case Management. We have fixed this now. Showing proper error message when some error occurs in connecting the server or retrieving the message of integration Exchange (Quarantine Messages).

This release of the Devo Platform addresses customer feedback and bug fixes.Geo AvailabilityRegion Status CA Released US Released EU Released APAC Released  Table of ContentsUpdated Changes to Inactivity System Bug Fixes Data Access Error Alert counters bug Query Dispatcher Error  UpdatedChanges to Inactivity SystemInactivity will now be calculated on all tabs consistently instead of each individual tab. The Inactivity pop-up will be triggered and removed simultaneously on all Devo tabs.Bug FixesData Access ErrorFIXED - Error when editing data access due to inactive domains being selectable.  Inactive domains are now excluded from selection box.Alert counters bugFIXED - Several alerts not showing the counters for each value in fields correctly.Query Dispatcher ErrorFIXED- Bug that caused error code 600 in the Query Dispatcher when opening Data Search from search.

The Integrations team has released in this update, a selection of new collectors and updates to existing ones documented below! Geo availabilityRegion Status CA Released US Released EU Released APAC Released  Table of ContentsNew Collectors Spycloud Collector 1.0.0 Proofpoint CASB Collector 1.0.1 CyberArk EPM Collector 1.0.0 Taxii Collector 1.0.0 Collectors Updated Azure Collector 1.6.0 MS Graph 1.6.2 Google Workplace Alerts (aka Gsuite Alerts) 1.6.0 CrowdStrike API Resource Collector 1.4.2 Spycloud 1.0.1 Okta Collector 1.7.0 Cisco eStreamer collector 1.3.0 Rapid7 Insights 2.0.0 Office 365 Exchange Message Tracing 2.1.0  New CollectorsSpycloud Collector 1.0.0The SpyCloud collector can help fraud prevention teams stay ahead of customer ATO fraud by detecting and resetting exposed consumer passwords early in the breach lifecycle, heading off account takeover attempts. Full details here.Proofpoint CASB Collector 1.0.1Proofpoint Cloud App Security Broker (Proofpoint CASB) helps you secure applications such as Microsoft Office 365, Google Workspace, Box, and more. It gives you people-centric visibility and control over your cloud apps, so you can deploy cloud services with confidence. Full details here.CyberArk EPM Collector 1.0.0CyberArk is an Identity Security Platform that enables secure access for any identity — human or machine — to any resource or environment from anywhere, using any device. Full details here.Taxii Collector 1.0.0Trusted Automated Exchange of Intelligence Information (TAXII™) is an application protocol for exchanging CTI over HTTPS. ​TAXII defines a RESTful API (a set of services and message exchanges) and a set of requirements for TAXII Clients and Servers. Full details here. Collectors UpdatedAzure Collector 1.6.0» DetailsMS Graph 1.6.2» DetailsGoogle Workplace Alerts (aka Gsuite Alerts) 1.6.0» DetailsCrowdStrike API Resource Collector 1.4.2» DetailsSpycloud 1.0.1» DetailsOkta Collector 1.7.0» DetailsCisco eStreamer collector 1.3.0» DetailsRapid7 Insights 2.0.0» DetailsOffice 365 Exchange Message Tracing 2.1.0» Details