About the threats area
The Threats view provides an overview of the triggered and defined alerts in your domain.
...
This area contains all the alerts across Devo: those from the Alerts view, SecOps, and AWS.
Installation process
The Devo 360 for AWS application provides predefined alerts that are installed when you install the application via Devo Exchange.
If these alerts already exist in your domain, the installation will respect their current state and will not replace them with the alerts contained in the application. If these alerts are new, they will be installed but will remain turned “off” until you enable them. Go to the Definitions tab to see how to do this.
Exchange alert pack: AWS
For successful use of this application, we recommend installing this alert pack via Exchange.
Threats detected
Threats data
Threat detections within the Devo 360 for AWS Application deliver full information on alerts with descriptions, recommendations, and links to the MITRE ATT&CK Framework. This provides analysts with the full context of each AWS infrastructure alert for informed analysis of the threat story. Threat detections include:
Why the event was created
Timeframe of the alerts in the event
Prioritization of the event
Links to AWS reference information
Links to MITRE tactic and technique information
Threat source information
Detailed alert and event activity log
...
Triggered threat table
Selecting a threat definition in the Threats Triggered table will provide extensive details on each triggered alert.
...
Here you will find tabs with further information:
Overview
Contains information on why, what, when, where and how the alert was triggered, the alert priority, dates, status, and actions.
...
Timeline
Plots the alerts triggered on an interactive timeline.
...
Queries
Provides the query that feeds the alert, which you can copy to your clipboard for further use.
...
Geolocation
Plots the location of events on an interactive map.
...
Definitions
This tab reflects the AWS alerts defined in your domain. Use the Activated column to enable and disable alerts individually.
...
Alerts are domain-wide
...