Warning

Maintenance mode

The SecOps solution is currently in maintenance mode. While we continue to support existing customers, no new features will be added.

New Devo customers are encouraged to explore Devo’s integrated case management capability. For more information, please contact your sales team or support representative.

Introduction

Devo Security Operations (SecOps) is a purpose-built, context-rich application framework that automates security expertise, speeds investigation and triage, reduces required resources, and magnifies response capability.

...

Note

SecOps alert priorities vs. Devo alert priorities

Please keep in mind that the priority levels used in SecOps alerts (shown above) do not correspond to the ones used in the common alerts defined in Devo. You can see the priority levels used in Devo when you create a new alert from the search window.

...

Security Operations lookups

...


There are two types of lookups in SecOps: main lookups and multi-lookups.

  • Main lookups are available only on the domain where the SecOps app is installed. The Devo team installs these files, and Admin users can view and modify them. The most important lookup is SecOpsAlertDescription, which contains the list of predefined alerts used in SecOps.

  • Multi-lookups are available to all domains, but users cannot modify them. Some of them are SecOps configuration files, and others store security information that comes from MISP services. This information is updated on different schedules: some lookups are static (for example, CheckBackdoorConnection), some are updated weekly (for example, SuspiciousFileExtension), and others are updated daily (for example, Farsight feeds).

Devo SecOps provides customers with a set of predefined security alerts designed by experts, which are one of the basic aspects of the application. Users can tune these alerts according to their needs, or create new custom alerts and include them in the SecOps application.

...

Go to Security Operations Lookups for detailed information.

User roles in the Security Operations app

...