Purpose
An analyst wants to detect <adjective> behavior in <data source>. Using the <name> Azure collector to send <type> to Devo, the analyst will find <outcome>. As a result, the analyst will <verb> the <entity>, preventing them from <tactic>.
Example tables
Table | Description |
|---|---|
Authorize It
Run It
In the Cloud Collector App, create an Azure Collector instance using this parameters template, replacing the values enclosed in < >.
| Code Block |
|---|
Secure It
Monitor It
Create an inactivity alert to detect interruptions of transfer of data from the source to the SQS queue using the query
| Code Block |
|---|
from TABLE
where toktains(hostchain,"collector-")
select split(hostchain,"-",1) as collector_id |
Set the inactivity alert to keep track of the collector_id.