...
The top area of this window shows a series of informative graphs that inform users about the alerts and lookups in your environment. Each group of alerts shows the total number of alerts and the ones that are activated. Next to this, you can check the total percentage of activated alerts in a group. In the capture below, the first graph represents the SecOps alerts in our environment. Currently, we have a total of 307 alerts, and 143 of them are activated. This represents 43% of the total number of alerts, as we can see in the graph. These are the different groups of alerts:
In the middle area of the window, you'll find three different tabs:

- Alerts installed: Check the list of alerts installed in your SecOps environment.
- Lookups: As explained in this section, there are 3 types of lookups in the Security Operations application: main lookups, multi-lookups, and dynamic lookups. In this tab, you can check the lookups of each type that you have installed in your environment.
- Capabilities: Capabilities are Flow contexts that relate SecOps data to other external systems and perform specific operations. These are all the available capabilities:
| Capability | Description |
|---|---|
| Investigations to Cortex XSOAR | Activate this capability to create a case in the platform Cortex XSOAR every time you define a new investigation in SecOps. This capability must be configured in the Application settings section. Learn more below. |
| Investigations to Phantom | Send investigations to the Phantom platform. This capability must be configured in the Application settings section. Learn more below. |
| Entities | This capability allows the creation of entities in the system. |
| Send investigation to email | Send closed investigations to a specific email address or addresses. |
| User agent distance | This capability calculates the user-agent distance. You can use it to check differences between user agents that use a browser, or two users in the system entities. |
Finally, in the bottom area of this window, we have the Alerts Filter and Alerts Configurator sections. These sections remain at the bottom of the window regardless of which tab is selected in the middle area. In the Alerts Filter, select the required filters and check the results in the Alerts Configurator area, where you can select any number of the required alerts and install them.

- Alerts filter: Below are the available filters in the Alerts Filter section. Select the required ones and click Filter to see the results.
- Alerts configurator: In the Alerts Configurator section, you will see the alerts matching the selected filter criteria. In this area, you can check any number of the filtered alerts you need to install, and then click the Install alerts button that appears on the right side to install them. After installation, these alerts will appear in the Administration → Alert Configuration area of the Devo app.
...