Page Comparison

Name

Description

Signal Threshold

Threshold by which the behavior signal is added to the entity.behavior.signal.events table.  Signals  Signals above the threshold are counted in entity risk scores.  

Signal Risk Score 

Risk score given to the behavior signal that is sent back to Devo.  Entity risk score is calculated based on the risk score value given. 

Advanced Configurations

Configuration options to only be used under special circumstances and Devo table configurations.  Contact  Contact support to see if these options make sense.  

Table Override

The table that can be used to override the behavior signal query.  The table must match specific fields in the original table used in order to function correctly. 

Name

Description

Users

Displays all of the current users that are whitelisted from the current use cases.  Additionally  Additionally users can be entered manually in the textbox or uploaded via CSV.  Users are all direct match string values. 

• Example users: 

• David Dark

• , david.dark@devo.com

• , Ddark 

Devices

Displays all of the current devices that are whitelisted from the current use cases.  Additionally devices can be entered manually in the textbox or uploaded via CSV.  Devices can be hostname, IP addresses, ranges of IP Addresses, and CIDR blocks.  

• Example hostname: MacBookPro_0002 

• Example IP Address Entries: 174.1.54.54 

• Example IP Address Range: 173.1.54.100-173.1.54.130 

• Example CIDR Block: 172.16.14.128/25

Domains

Displays all of the current domains that are whitelisted from the current use cases.  Additionally domains can be entered manually in the textbox or uploaded via CSV.  Domains are all direct match string values. 

• Example domain: poc.devo.com