...
Let’s look at the building blocks of the Devo SOAR product. To automate your data, you need to understand some of the basic terms used in Devo SOAR.
Playbooks are graphical representations of the logic that a security analyst goes through to make decisions about events. Playbook execution ranks security events so that the critical events are at the top. For more information, refer to Playbooks. To build a playbook, you need:
Connections allow you to ingest data into Devo SOAR from your security information and event management (SIEM) environment. A connection creates a link between Devo SOAR and an external system such as a SIEM environment. Connections are how you connect to a SIEM such as Devo, Elasticsearch, Splunk, or SumoLogic. For more information on connections, refer to Create Connections.
Event types are the queries that get specific events from your connections and yield the results for analysis and scoring. The queries are the same native queries that you would run on your SIEM. For more information on event types, refer to Create Event Types.
...