Let’s look at the building blocks of the Devo SOAR product. To automate your data, you need to understand some of the basic terms used in Devo SOAR.

Playbook

Playbooks are graphical representations of the logic that a security analyst goes through to make decisions about events. Playbook execution ranks security events so that the most critical events appear at the top.
Playbooks allow you to automate the process of identifying undesirable events and responding to them.

For more information, refer to Playbooks.

To build a playbook, you need:

  • Connection

  • Event types

Connection

Connections allow you to ingest data into Devo SOAR from your security information and event management (SIEM) environment. A connection creates a link between Devo SOAR and an external system such as a SIEM environment. Connections are how you connect to a SIEM such as Devo, Elasticsearch, Splunk, or SumoLogic.

For more information on connections, refer to Create Connections.

Event type

Event types are the queries that retrieve specific events from your connections and yield the results for analysis and scoring. The queries are the same native queries that you would run on your SIEM.
Event types draw their data from the results of a query run on an external source, such as Splunk, SumoLogic, or Elasticsearch.

For more information on event types, refer to Create Event Types.