Threat detections within the Devo 360 for AWS Application deliver full information on alerts with descriptions, recommendations, and links to the MITRE ATT&CK Framework. This provides analysts with the full context of each AWS infrastructure alert for informed analysis of the threat story. Threat detections include: Why the event was created Timeframe of the alerts in the event Prioritization of the event Links to AWS reference information Links to MITRE tactic and technique information Threat source information Detailed alert and event activity log Image RemovedImage AddedSelecting a threat definition in the Threats Triggered table will provide extensive details on each triggered alert. Here you will find tabs with further information: Overview Contains information on why, what, when, where and how the alert was triggered, the alert priority, dates, status, and actions. Image Removed Image AddedTimeline Plots the alerts triggered on an interactive timeline. Queries Provides the query that feeds the alert, which you can copy to your clipboard for further use. Geolocation Plots the location of events on an interactive map.
This tab reflects the AWS alerts defined in your domain. Use the Activated column to enable and disable alerts individually. Info |
---|
Alerts are domain wide Activating and deactivating alerts here will be reflected in SecOps and Devo alerts. |
|