...
By letting analysts prioritize and drill down into risky entities, Behavior Analytics helps them spend less time triaging irrelevant alerts and more time on higher-level SOC tasks such as incident management. It can increase the time-to-value of their SIEM, reduce the time spent dealing with false positives and, perhaps most important of all, help reduce the number of false negatives in their SOC.
Required permissions
If a user is not an Admin in Devo, they will require the following role permissions to access all of the features within the Behavior Analytics application:
Required permission | Access level |
---|---|
Alerts → Alert configuration | Manage |
Alerts → Triggered alerts | View |
Data search → Finders | View |
Users will need View level access to the lookup SecOpsAlertDescription.
Users will also need access to the following tables:
siem.logtrust.web.info
entity.behavior.signals.events
entity.behavior.signal.filtered
entity.behavior.risk.events
entity.behavior.list.notables
entity.behavior.list.groups
entity.behavior.list.members
Learn more about roles and how to define them in this section.