...
An active Anomali subscription.
The Anomali ThreatStream Integrator application deployed and configured in your environment:
Anomali recommends updating to the latest version of the integrator, if possible, before you set up the Devo destination. At a minimum, you must have a ThreatStream Integrator version installed that supports the SDK (v6.6 or later).
If the threat intelligence source for your integrator is ThreatStream OnPrem, the ThreatStream Integrator must be running v6.9.x or later.
An active Devo subscription.
A direct connection from the server hosting ThreatStream OnPrem.
Devo X.509 certificates. See this article for more information.
Configuration and setup
...
Log in to the Anomali ThreatStream Integrator application.
Go to Destinations and create a new Anomali Integrator SDK Destination.
Select the SDK option and click Add.
Configure the following settings:
Save the Destination.
Choose one of the following available plugins:
...
Launch the Data Search menu.
Open the Devo table you want to query.
Compose your initial base query to isolate the data you would like to enrich.
Select the add column function from the toolbar in the data search screen.
Provide a Column Name.
Select custom as the operation type.
Select the Anomali lookup table and field you would like to use for the enrichment from the drop-down list:
Add a new argument to select the field to correlate on. The data type of the selected field must match the data type of the key value in the selected Lookup Table.
Click Create Column.
The new column is added to the data search workspace.
...