To help organizations secure and maximize Amazon Web Service security solutions, Devo provides the Devo 360 for AWS Application, where cloud-native logging and security analytics meets AWS Infrastructure Data.
The Devo 360 for AWS application brings centralized insights from an array of AWS security products, including CloudTrail, CloudWatch, S3, VPC, and Security Hub, into the Devo Platform all in one place.
The Devo 360 for AWS Application, available in Devo Exchange, is a pre-built knowledge base of dashboards and alerts that delivers real-time visibility and expedites analysis of Devo users’ entire AWS infrastructures. It helps you use the Devo Platform to optimize resources and detect threats targeting your AWS infrastructure. It also automatically aggregates AWS alerts by threat definition which increases analysts’ efficiency and reduces fatigue as they address alerts.
Installing the Devo 360 for AWS application
Installing the application is easy thanks to Devo Exchange. All you need to do once inside Exchange is find the application, click the Install button, and assign it to your role. You can find the whole process carefully explained in Installing content.
Pre-requisites
To use the Devo 360 AWS, you must have the following Lookups installed in your domain:
Accessing the application
The application is easily accessible from the Navigation pane. To open the application, go to Applications → Devo 360 for AWS in the navigation pane.
Working with Devo 360 for AWS
In this application, you can find three different views, which are divided in tabs to better categorize the different information displayed and thus make it easier to find what you need. Visit the articles below for an in-depth analysis of the content each view presents:
Operations in all views
In all of the views you have a time picker at the top left so you can visualize the data for the desired period. You can choose either a Time Preset from the list or you can select a Custom Range and specific a date on the calendar.
There are several widgets in all views and all of them have some common features. You can see the query that feeds the widgets by clicking on the ellipsis menu and selecting Show Query.
Copy the query
Click the clipboard icon to copy the query to your clipboard for further use.
They also have some particularities and they can be categorized in different types according to the degree of interaction they allow and the type of insight they offer about data.
Column and line charts provide insights on the data distribution over time. These are the widgets with the highest degree of interaction. See the picture below for the different actions you can carry out.
Simple value widgets show the count of a specific value so you can see key indicators at a glance.
Maps provide a quick view of the geographical distribution of the data. In maps, you can hover over geographic positions to see a tooltip with the name of the country and the count of the measured value. You can zoom in or out to find the desired location more easily.
Donut and pie charts provide an overview on the data distribution in relation to the total. You can select segments and hover over them to see a tooltip with the value and count they represent.