Table of Contents | ||||||
---|---|---|---|---|---|---|
|
What is
...
Devo Behavior Analytics?
New technologies and remote work continue to grow the attack surfaces of organizations. To make matters worse, organizations are struggling to find the adequate amount of analysts to take on this increasing workload as the supply-demand gap in the cybersecurity labor market continues to grow. As a result, alert fatigue caused by modern SoCs leads to undesired results including analyst burnout and significant missed alerts.
...
By allowing analysts to prioritize and drill-down into risky entities, analysts can spend less time triaging irrelevant alerts and more time performing higher level SoC tasks such as incident management. Behavior Analytics can increase the time-to-value of their SIEM, spend less time dealing with false positives, and perhaps most important of all, help reduce the number of false negatives in their SoC.
Required permissions
If a user is not am Admin in Devo, they will require the following role permissions in order to be able to gain access to all of the features within the Behavior Analytics application:
Required permission | Access level |
---|---|
Alerts → Alert configuration | Manage |
Alerts → Triggered alerts | View |
Data search → Finders | View |
Users will need View level access to the lookup SecOpsAlertDescription.
Users will also need access to the following tables:
siem.logtrust.web.info
entity.behavior.signals.events
entity.behavior.signal.filtered
entity.behavior.risk.events
entity.behavior.list.notables
entity.behavior.list.groups
entity.behavior.list.members
Learn more about roles and how to define them in this section.
Working with Devo Behavior Analytics
Child pages (Children Display) |
---|