...
Place data in an S3 bucket.
Authorize SQS data access.
Enable the collector with the service matching the data format.
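The three steps above, as an added example that is not Devo's code and not the collector's own logic: it builds the SQS queue access policy that "Authorize SQS data access" amounts to on the AWS side (only the S3 service, acting for one bucket in one account, may send to the queue), checks a policy for the common mistake of leaving the queue writable by any principal, and parses the S3 event notification message that arrives on the queue once notifications are enabled, including the `s3:TestEvent` that S3 sends when the notification is first configured and the URL-encoded object key. The account ID, region, bucket and queue names, the sample messages and the weak policy are all constructed for the example.

```python
"""Added example, not Devo's code: the AWS side of the S3 -> SQS -> collector path.
All identifiers and messages below are constructed for the example."""
from __future__ import annotations

import json
from urllib.parse import unquote_plus

# Hypothetical account, bucket and queue names.
ACCOUNT_ID = "123456789012"
REGION = "us-east-1"
BUCKET = "example-cloudtrail-logs"
BUCKET_ARN = f"arn:aws:s3:::{BUCKET}"
QUEUE_ARN = f"arn:aws:sqs:{REGION}:{ACCOUNT_ID}:devo-collector-queue"


def queue_policy(queue_arn: str, bucket_arn: str, account_id: str) -> dict:
    """Queue access policy for step 2: only the S3 service, acting for this
    bucket in this account, may put event notifications on the queue."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowS3EventNotifications",
            "Effect": "Allow",
            "Principal": {"Service": "s3.amazonaws.com"},
            "Action": "sqs:SendMessage",
            "Resource": queue_arn,
            "Condition": {
                "ArnLike": {"aws:SourceArn": bucket_arn},
                "StringEquals": {"aws:SourceAccount": account_id},
            },
        }],
    }


def weak_statements(policy: dict) -> list[str]:
    """Sids of Allow statements that grant sqs:SendMessage to an open principal,
    or to any principal without an aws:SourceArn / aws:SourceAccount condition
    (a bare service principal lets any bucket in any account send).
    Whoever can send to the queue can feed the collector fabricated
    'object created' events pointing at objects they control."""
    findings = []
    for st in policy.get("Statement", []):
        if st.get("Effect") != "Allow":
            continue
        actions = st.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if not any(a in ("sqs:SendMessage", "sqs:*", "*") for a in actions):
            continue
        principal = st.get("Principal")
        scoped = any(
            key in ("aws:SourceArn", "aws:SourceAccount")
            for block in st.get("Condition", {}).values()
            for key in block
        )
        if principal in ("*", {"AWS": "*"}) or not scoped:
            findings.append(st.get("Sid", "<no Sid>"))
    return findings


def objects_from_message(body: str) -> list[tuple[str, str]]:
    """(bucket, key) pairs from one SQS message body carrying an S3 event
    notification. Skips the s3:TestEvent S3 sends when the notification is
    first configured, ignores non-create events, and URL-decodes the key
    (S3 encodes spaces in keys as '+')."""
    msg = json.loads(body)
    if msg.get("Event") == "s3:TestEvent":
        return []
    found = []
    for rec in msg.get("Records", []):
        if not rec.get("eventName", "").startswith("ObjectCreated:"):
            continue
        bucket = rec["s3"]["bucket"]["name"]
        key = unquote_plus(rec["s3"]["object"]["key"])
        found.append((bucket, key))
    return found


# Constructed messages in the shape S3 delivers to the queue.
TEST_EVENT_MESSAGE = json.dumps({
    "Service": "Amazon S3", "Event": "s3:TestEvent", "Bucket": BUCKET,
    "Time": "2024-01-01T00:00:00.000Z", "RequestId": "EXAMPLE", "HostId": "EXAMPLE",
})
ENCODED_KEY = "AWSLogs/123456789012/CloudTrail/us-east-1/2024/01/01/example+file.json.gz"
OBJECT_CREATED_MESSAGE = json.dumps({"Records": [
    {"eventVersion": "2.1", "eventSource": "aws:s3", "awsRegion": REGION,
     "eventName": "ObjectCreated:Put",
     "s3": {"bucket": {"name": BUCKET, "arn": BUCKET_ARN},
            "object": {"key": ENCODED_KEY, "size": 1024}}},
    {"eventVersion": "2.1", "eventSource": "aws:s3", "awsRegion": REGION,
     "eventName": "ObjectRemoved:Delete",
     "s3": {"bucket": {"name": BUCKET, "arn": BUCKET_ARN},
            "object": {"key": "AWSLogs/old.json.gz"}}},
]})
# Constructed weak policy: any AWS principal may push messages to the queue.
OPEN_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AllowAnyone", "Effect": "Allow", "Principal": "*",
     "Action": "sqs:SendMessage", "Resource": QUEUE_ARN}]}
```

The policy is only the inbound half of step 2: the bucket's notification configuration must target the same queue ARN, and whatever identity the collector runs under still needs `sqs:ReceiveMessage` and `sqs:DeleteMessage` on the queue and `s3:GetObject` on the bucket. The `weak_statements` check is worth running on any existing queue that is being reused, since a queue that accepts messages from anyone lets an attacker choose which objects the collector fetches and ingests.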
Devo collector features
Feature | Details |
---|---|
Allow parallel downloading (multipod) | allowed |
Running environments | Cloud Collector App |
Writes to | table |
Data sources
Data source | Security Purpose | Collector service name | Devo table |
---|---|---|---|
Any | The collector can be customized to process any data. Use a custom service only if there is no prebuilt service. | custom_service | All |
AWS CONFIGURATION LOGS | Cloud Resource Audit | aws_sqs_config | cloud.aws.configlogs.events |
AWS ELB | Load Balancer | aws_sqs_elb | web.aws.elb.access |
AWS ALB | Load Balancer | aws_sqs_alb | web.aws.alb.access |
CISCO UMBRELLA | DNS | aws_sqs_cisco_umbrella | sig.cisco.umbrella.dns |
CLOUDFLARE LOGPUSH | Content Distribution | aws_sqs_cloudflare_logpush | cloud.cloudflare.logpush.http |
CLOUDFLARE AUDIT | Content Distribution | aws_sqs_cloudflare_audit | cloud.aws.cloudflare.audit |
CLOUDTRAIL | AWS Audit | aws_sqs_cloudtrail | cloud.aws.cloudtrail.* |
CLOUDTRAIL VIA KINESIS FIREHOSE | AWS Audit | aws_sqs_cloudtrail_kinesis | cloud.aws.cloudtrail.* |
CLOUDWATCH | Instance Metrics | aws_sqs_cloudwatch | cloud.aws.cloudwatch.logs |
CLOUDWATCH VPC | Private Cloud Metrics | aws_sqs_cloudwatch_vpc | cloud.aws.vpc.flow |
CONTROL TOWER | VPC Flow Logs, CloudTrail, CloudFront, and/or AWS Config logs. In most cases, use the CloudTrail service instead. | aws_sqs_control_tower | |
CROWDSTRIKE FALCON DATA REPLICATOR (deprecated) | Antivirus | aws_sqs_fdr | edr.crowdstrike.cannon |
CROWDSTRIKE FALCON DATA REPLICATOR | Antivirus | aws_sqs_fdr_large | edr.crowdstrike.cannon |
GUARD DUTY | Threat Detection | aws_sqs_guard_duty | cloud.aws.guardduty.findings |
GUARD DUTY VIA KINESIS FIREHOSE | Threat Detection | aws_sqs_guard_duty_kinesis | cloud.aws.guardduty.findings |
IMPERVA FLEXPROTECT | Content Delivery | aws_sqs_incapsula | cef0.imperva.incapsula |
LACEWORK | Container and Cloud | aws_sqs_lacework | monitor.lacework.[agent].* |
PALO ALTO | Firewall | aws_sqs_palo_alto | firewall.paloalto.[file-log_type] |
ROUTE 53 | Domain Name Service | aws_sqs_route53 | dns.aws.route53 |
OPERATING SYSTEM | Windows and Unix events | aws_sqs_os | box.unix_cloudwatch, box.win_cloudwatch |
SENTINEL ONE FUNNEL | Endpoint Detections | aws_sqs_s1_funnel | edr.sentinelone.dv |
S3 ACCESS | S3 Bucket Audit | aws_sqs_s3_access | web.aws.s3.access |
VPC LOGS | Private Cloud Metrics (published without CloudWatch) | aws_sqs_vpc | cloud.aws.vpc.flow |
WAF LOGS | Firewall | aws_sqs_waf | cloud.aws.waf.logs |