...
The content manager is where the behavioral models can be deployed. To get to the content manager, click the Content Manager button at the far top right of the application. Once you open the content manager, a list of all models that can be deployed is displayed.
Several columns display information for each model: Behavior Analytics Use Case Model (the name of the model), Description, Required Table (the required Devo table for deploying the model), Status (enabled / disabled), and State (Running or not). If a model is not enabled, then it must be turned on in order to start running.
...
In order to deploy a model, click the Configure and EnableStart button. A new screen providing options for configuring the behavior alert will appear. The full configuration of the behavior alerts happens in four steps: Credentials, Signals, Whitelist, and Alerts.
The credentials section allows the
...
modeling process to have access to the data within your domain.
...
The signals sections are used to set a signal threshold (if applicable) and a signal risk score.
The whitelist section enables users to enter or upload CSV lists of users, devices, and domains into the use case's configuration to filter those entities from the use case.
...
The alerts section enables users to optionally create an alert directly on the signal if they feel it achieves a high level of fidelity for their organization.
If you need to stop a model, there is a disable option that allows you to pause it.
...
Deploying behavior alerts
...
Credentials
The Credentials section contains the following parameters:
Name | Description |
API Key | The API Key identifier from the Devo domain. |
API Secret | The API key secret from the Devo domain. |
...
The Signals section contains the following parameters:
...
Name | Description |
Signal Threshold | Threshold by which the behavior signal is added to the |
Signal Risk Score | Risk score given to the behavior signal that is sent back to Devo. Entity risk score is calculated based on the risk score value given. |
Table Override | The table that can be used to override the behavior signal query. The table must match specific fields in the original table used in order to function correctly. |
...