Recently active topics
Whatever the problem, Devo SOAR has the answer. Here are the latest update release notes.
Table of Contents: New in Automation (Introducing the latest Devo SOAR integration: Absolute); Enhancements (Devo Connection, Devo Integration, Microsoft Graph, Cybereason, Microsoft Defender for Endpoint); Bug Fixes.
New in Automation. Introducing the latest Devo SOAR integration: Absolute. The Absolute® Platform leverages a cloud-based, highly available, and secure multi-tenant architecture across different regions. It is comprised of various foundational components that power Absolute product features and are leveraged by the company's enterprise customers and ecosystem partners alike.
Enhancements. Devo Connection: improved the process of adding a Devo Connection. Devo Integration: added 1 new action for Devo Integration (Send a single event). Microsoft Graph: added 12 new actions for Microsoft Graph based on passwordMethod, PhoneAuth and Authenticator. Cybereason: added 2 new actions for Cybereason integration: Get
In this release, we have improved the performance of the Triage page when the tags are loaded, deleted Dynamic Lookups from Content Manager, addressed SecOps bugs, and remediated security vulnerabilities.
Increased performance of the Triage page. The performance of the Triage page is improved when the tags associated with the triggered alerts are loaded.
Delete Dynamic Lookups from Content Manager. Dynamic Lookups are deleted from the Content Manager because Dynamic Lookups are deprecated.
Bug fixes. When NASS or Autoregister is not working, the API can be deployed. Access to Content Manager works correctly even when an alert is not correctly configured. Entities Map is displayed even when no data are available. When the number of installable alerts is greater than 1000, all alerts are shown.
Security Update. Multiple security updates to address potential security risks.
The Devo Exchange team produces a large collection of useful and customer-requested Activeboards, Use Cases, and MITRE Alerts to help you speed up your workflow. Here are the new additions for September.
Table of Contents: New Activeboards (Azure Cloud Sign In, AWS Security Lake, Web Analytics, Office 365 Exchange, Office 365 SharePoint, Office 365 OneDrive); New MITRE Alert Content Packs (Remote Access Software, Remote Service Session Hijacking, Rogue Domain Controller, Server Software Component, Service Stop, Stage Capabilities); New Use Case (CrowdStrike Detections AB Use case); New Synthetic Data (Office 365 Management Injection, Crowdstrike Injection).
New Activeboards. Visualize your data with style: these Activeboards are great as is or as a starting point for your own Activeboard! Azure Cloud Sign In: Open in Devo Exchange. AWS Security Lake: Open in Devo Exchange. Web Analytics: Open in Devo Exchange. Office 365 Exchange: Open in Devo Exchange. Office 365 SharePoint: Open in Devo Exchange. Office 36
The Integrations team has released a selection of new collectors and updates to existing ones documented below! Speak with your CSM if you need a New Collector or an Update to an existing collector!
Table of Contents: New Collectors (Microsoft Defender for IoT Collector v1.0.0b1, Bitwarden Collector v1.0.0b1, MS Graph v1.7.0b1 (new data sources added), Cyble Vision Collector v1.0.0, Mandiant Advantage Collector v1.0.0b1 on), IBM Cloud VPC Flow v1.0.0b1, IBM Cloud Softlayer v1.0.0b1, IBM Cloud Activity Tracker v1.0.0b1); Updated Collectors (Github collector v2.1.0, AWS collector v1.5.0, SentinelOne collector v1.4.0, Recorded Future v1.3.0, Cybereason v1.2.0, OneTrust v1.2.0, AlienVault OTX v1.1.0, Wiz Cloud Security v1.2.0, Cylance v1.1.0, Agari Phishing Defense v1.2.0, JumpCloud v1.1.0, Microsoft Azure Collector v1.7.0, Okta Resources Collector v1.8.0 (new functionality), Microsoft Defender Cloud Apps Collector v1.1.0, Microsoft O365 Message Tracing Collector v2.2.0, Rapid7
The Devo Exchange team is happy to bring you the latest update for the MITRE ATT&CK Adviser. This release brings critical functionality to the MITRE ATT&CK Adviser, allowing the management of multitenant domains. Administrators have a full view of the alert coverage information of each child domain in their portfolio.
Release Information: Released in all Geos.
Table of Contents: New Features (Tenant Filter, MSSP Support); Enhancements (New "No Alerts Fired", New notification for missing injections).
New Features. Tenant Filter: this new filter allows MSSPs to quickly switch between clients. MSSP Support: MSSPs can view the alert coverage of the client domain they are currently logged in to and get critical insights into the alert landscape for their clients.
Enhancements. New "No Alerts Fired": when the selected time period results in no alerts fired, a new message notification is displayed, guiding you to select a new time period. New notification for missing injections: this new notification will inform the
A correlation engine with perks! The new Devo Flow comes packed with new features!
Release Information. Time Window: Tuesday September 19, 9:00 AM UTC. Duration: 2 Hours. Impact: NONE.
Geo Availability (Region / Status): GovCloud Released; CA Released; US Released; EU Released; APAC Released.
Table of Contents: New Features (New Visualization of Publish template results, New Functionality for HTTPCall module, Enabled Batch Processing of DevoSource module, New Actions: Stop & Unload).
New Features. New Visualization of Publish template results: a new look for published template results! A new window will open with the instance's name and the results of the publish. If there are errors, a new dropdown is available with all the information. New Functionality for HTTPCall module: two new fields are available. Max Retries: you can enter the number of retries when the response status code is outside the success range of 200-299. However, if you do not want to perform retries, just set the value to 0.D
Open the firewall.juniper.ssg.traffic table. Notice that the histogram shows the flow of events over the period of time defined beneath it, in the time range. Use the time range filter to show only those events ingested today. Hint: don't forget to click the Apply button! In the data feed below, click to select two or three events (rows) and use the View selected events tool to browse the event data. This tool is accessible from the UI toolbar. Remember that you can also press the spacebar key as a shortcut for opening this tool. Change the name of this query to exercises.basics.one.InitialsMonthDayYearHHmm (for example, "exercises.basics.one.jd041420201750"). Hide all fields except eventdate, service, srcIp, and dstIp. Since you are still here reading, try this: see if you can identify another way of opening data tables. Mark the query as a favorite, then close the query. Return to the finder and confirm that the query appears in your list of favorite queries. Notice how t
At the end of the day, Devo is about data reduction. Devo helps users focus on the data they need, to find the needle in the haystack. There are certainly several approaches to data reduction. Oftentimes, data is reduced as a result of operations, but we can also hide irrelevant information from the UI in a few simple steps. Let's see it!
Some data tables contain a very large number of fields and often we don't need the data contained in these fields. This is when it is useful to hide fields so that we can focus on the data that really interests us. One of the analysts at Arcadia wants to work with the firewall.juniper.ssg.traffic table but doesn't need to use the data in most of the fields. Show her how she can hide all of the fields except eventdate, machine, srcIp, dstIp, srcPort, and dstPort before she even opens the firewall.juniper.ssg.traffic table. It is possible to do this both from the finder and from the search window. However, the result is not exactly the sa
We know that in Devo we access our data by using the finder tool, which can be found in the Data search area. Let's recall what we've learned by using the finder to look at the events that have been ingested by Devo up to now. How many hierarchical tag levels does the finder contain? How many brands of firewalls have sent events to this domain at least once? How many brands of proxy have sent events to the domain in the last month? Use the filter to double-check that the domain does have tables containing the "offlinesales2020" tag. Does it? Use the finder to get to the siem.logtrust level. These SIEM tables log system data from the domain; you can think of it as a SIEM logging itself. For example, open the siem.logtrust.collector.counter data table, then check the "object" field. This information is very valuable to Arcadia's recently created team, as they can check which data sources are already up and running. 💡 Hints: The Finder has a time filter to show the tags/technolo
Devo is happy to make available the latest release of the Devo Platform. This update brings a selection of improvements and bug fixes sourced from our customers!
Release Information. Time Window: Thursday August 31, 9:00 AM UTC. Duration: 2 Hours. Impact: NONE.
Geo Availability (Region / Status): CA Released; US Released; EU Released; APAC Released.
Table of Contents: New Features (New Data Search Events marked on arrival, Alert Subscription Enhancement); Improvements (Aggregation Task calendar migrated to Data Search time picker, Improved Data Search Copy command, Increased Home Widget Accuracy, Enhanced LookUp Errors, Better handling of large synthesis operations); Bug Fixes.
New Features. New Data Search Events marked on arrival: new highlights added to new events in both Table View and List View in Data Search. Alert Subscription Enhancement: the user's email is now displayed on the Alert Subscription page instead of the Username. This conforms with the consistent behavior across other pag
The Integrations team has released a selection of new collectors and updates to existing ones documented below! Documentation pages for these collectors are being updated now.
Table of Contents: New Collectors (Trend Micro Email Security Collector v1.0.0, Workday Collector v1.0.0, Thinkst Canary Collector v1.0.0, Lastpass Collector v1.0.0); Collector Updates (Crowdstrike API Resource Collector v1.4.3b2, Office 365 Exchange Message Tracing v2.1.1, Salesforce Collector v1.6.0, Sophos Central Collector v1.2.0, Trend Micro Vision One Collector v1.1.0, Google Cloud Platform v1.4.0, Gsuite Google Workspace Report v1.8.0, Onelogin Collector v1.2.0, Cisco Meraki Collector v1.4.0).
New Collectors. Trend Micro Email Security Collector v1.0.0: Trend Micro Email Security screens out malicious senders and analyzes content to filter out spam. It examines sender authenticity and reputation and defends against malicious URLs. Learn more about this collector. Workday Collector v1.0.0: Workday is a service that autom
Devo Relay 2.5.0 brings updates to Transport Layer Security support, bug fixes, and vulnerability patches!
Release information. Time Window: Tuesday, September 5, 9:00 AM UTC. Duration: 1 Hour. Impact: NONE.
Table of Contents: Support for TLS v1.3; Cleaned up Startup Error messages; Recovery of Relay service Improved; Vulnerability Fixes.
Support for TLS v1.3: with this update, the default send method will be TLS v1.3 instead of TLS v1.2. As all ELBs already support TLS v1.3, with this change the end-to-end connection can be supported in TLS 1.3. Cleaned up Startup Error messages: confusing errors on start-up have been cleared up and removed! Recovery of Relay service Improved: improved Relay status updating after an abrupt stop; killing the Relay service with SIGKILL is now handled correctly. Vulnerability Fixes: guava (CVE-2023-2976), spring-core (CVE-2023-20861, CVE-2023-20863).
I have created a LINQ Operator Discovery Resource for all Devo users to learn about what operators are available to use for your Data Search Queries. I created two custom pages to contain all this wonderfulness. This resource will let you quickly filter and search for the right operator to fit your needs. Members of Devo Connect only. The full list of operators and code examples. I also have it in PDF format attached. Please leave a comment and let me know what you think! To my LINQ Bible group, thank you for all your help, here are the results!