Versions Compared

Old Version 3

changes.mady.by.user Former user

Saved on

compared with

New Version Current

changes.mady.by.user Borja Moro Moreno

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents
minLevel2
maxLevel2
typeflat
Image Added

Purpose

The SecOpsWinPermittedDomains Lookup adds whitelisting functionality to your Devo Detections from the Security Operations application by allowing them to reference this Lookup of permitted domains. Using this Lookup will lower your false positive rate when properly configure and can help make your alerts more actionable.

Open

SecOpsWinPermittedDomains Lookup

lookup

Once you have installed the Lookup and assigned it to your role you can access the Lookup in the following ways:

Go to Exchange in the navigation pane and look for the Lookup you want to open. Click Open.

Image Removed

Go to Data Search → Lookup Management. You will see a list with your Lookups available, including the ones that you download via Exchange. You can use the filter to open the Lookup you downloaded.

Image Removed

Info

Work with Lookups

Refer to Manage and edit lookup tables article to know how to work with Lookups

lookup, you can use the Open button at the top right of the card in Exchange to access the Lookup Management area, where you can apply filters to find it and later manage it as required. You can also access the Lookup Management area via the Navigation pane (Data Search area → Lookup Management tab).

Image Added
Image Added

Use lookup

After installing the lookup, you can use it in the related application mentioned above for their specific purposes. Apart from that, you can use it anywhere in the platform to enrich values when applicable. To do this, you must use the adequate syntax in queries to correlate values, as explained in this article.