...

These are the minimum required permissions to use SecOps:

Permission | Access level | Description
Alerts → Triggered alerts | Manage | Allows users to view and manage alerts in SecOps.
Data Search → Finders → Lookups | View | Allows users to view lookups in SecOps.
Flow → Own Flows | Manage | Allows users to view and manage contexts (Flows) in SecOps.
Security → API keys | Manage | Allows users to generate API keys. Some SecOps endpoints require these keys.

Applications tab

SecOps users may have access to SecOps applications with and without entities. Assign the following permissions as required:

...

Security Operations lookups

There are three types of lookups in SecOps: main lookups, multi-lookups, and dynamic lookups.

  • Main lookups are available only on the domain where the SecOps app is installed. These files are installed by the Devo team and can be viewed and modified by Admin users. The most important lookup is SecOpsAlertDescription, which contains the list of predefined alerts used in SecOps.

  • Multi-lookups are available to all domains, but users cannot modify them. Some of them are SecOps configuration files, and others store security information that comes from MISP services. This information is updated periodically in different ways: some lookups are static (for example CheckBackdoorConnection), some are updated weekly (for example SuspiciousFileExtension) and others are updated daily (for example farsight feeds).

  • Dynamic lookups are non-editable files that are updated periodically; how often depends on the needs of the alerts that use them. These lookups contain values calculated from real data and are constantly changing, and the data is used to improve the behavior of the alerts. For instance, the daily or weekly average of DNS traffic detected by a firewall can be calculated and stored in a dynamic lookup, and an alert can then be triggered when a peak above that average is detected.
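An added illustration of the dynamic-lookup pattern described above (example code, not from the Devo documentation): a per-firewall DNS baseline is recomputed from constructed daily counts, stored as a lookup, and new observations are compared against it. The firewall names, counts and the 3x peak threshold are assumptions; a device with no baseline yet is reported separately rather than alerted on.

```python
from statistics import mean

# Constructed sample data (not from the page): daily DNS request counts
# observed by two firewalls over a one-week baseline window.
BASELINE_WEEK = [
    ("2024-03-01", "fw-edge-01", 1200), ("2024-03-01", "fw-dc-02", 300),
    ("2024-03-02", "fw-edge-01", 1150), ("2024-03-02", "fw-dc-02", 320),
    ("2024-03-03", "fw-edge-01", 1300), ("2024-03-03", "fw-dc-02", 280),
    ("2024-03-04", "fw-edge-01", 1250), ("2024-03-04", "fw-dc-02", 310),
    ("2024-03-05", "fw-edge-01", 1100), ("2024-03-05", "fw-dc-02", 290),
    ("2024-03-06", "fw-edge-01", 1200), ("2024-03-06", "fw-dc-02", 300),
    ("2024-03-07", "fw-edge-01", 1200), ("2024-03-07", "fw-dc-02", 300),
]

# Constructed observations for the next day: a spike on fw-edge-01 and a
# newly deployed firewall that has no baseline entry yet.
TODAY = [
    ("2024-03-08", "fw-edge-01", 5400),
    ("2024-03-08", "fw-dc-02", 310),
    ("2024-03-08", "fw-branch-09", 900),
]


def build_dynamic_lookup(records):
    """Recompute the lookup: average daily DNS count per firewall."""
    per_fw = {}
    for _day, fw, count in records:
        per_fw.setdefault(fw, []).append(count)
    return {fw: mean(counts) for fw, counts in per_fw.items()}


def evaluate_peaks(lookup, observations, factor=3.0):
    """Compare new counts against the lookup baseline.

    Returns (alerts, unscored): alerts for counts above factor * baseline,
    and the names of devices that have no baseline to compare against.
    """
    alerts, unscored = [], []
    for day, fw, count in observations:
        baseline = lookup.get(fw)
        if baseline is None:  # new device: nothing to compare against yet
            unscored.append(fw)
            continue
        if count > factor * baseline:
            alerts.append({"day": day, "firewall": fw,
                           "count": count, "baseline": baseline})
    return alerts, unscored
```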

Devo SecOps provides customers with a set of predefined security alerts designed by experts, which are one of the basic aspects of the application. Users can tune these alerts according to their needs, or create new custom alerts and include them in the SecOps application.

...