
The option to install an application or other content is located on the card. Administrator users can browse and install Exchange content in the domain. All other non-administrator users can browse only if their roles have adequate permission. Non-administrator users need to contact an administrator if they want any content installed in their domain.

The installation process is similar for all types of cards. The minor differences in the installation process are explained in their own subsections below in this article.

When a user opens a card, there is a button at the top right. It says Installed if the content is already installed in your domain, or Not Installed otherwise. If you are an Exchange administrator for your domain, it shows instead as a green Install button that lets you add the content to the domain. If the content is already installed, the button says Uninstall, allowing the administrator to uninstall the content from the domain.

Installing applications

Search for an application. Cards labeled Application will appear.

Open an application card and press the Install button. When attempting to install an application, if one or more sources are missing, you will get a warning message letting you know that the application may not work correctly when sources are missing.

If you have at least some of the sources, clicking Yes, Install application will install the application.

It is recommended that you do not install content when all of its sources are missing in your domain.

When the installation is successful, a Success message will be displayed.

After the administrator has installed the application, they must also assign a role to it. This applies only to content of the type application. To give a role permission to an application, go to Roles management: from Devo's navigation menu, select Administration > Roles. In Roles management, there are at least two profiles: Admin and No privileges. On the left side, click the specific role to which you want to give permissions. For example, you can click on the Admin role.

Next, select the Applications tab.

Finally, in the Available pane, select the resources to give access to. Press the > button to move that application to the Selected pane. Other roles may exist or can be created. Application content on cards is installed for the entire domain, and you then indicate which roles have access to it. Only users who are assigned those roles can use those applications.

Both the Admin role and the No privileges role can navigate. However, an Admin role is necessary to install or uninstall content.

Installing Activeboards

Activeboard cards contain a single Activeboard, which you can download and install. For example, if you want to visually monitor user access and activity, type Devo Users Tracking in the Exchange search box. The card containing that Activeboard will be displayed.

Open it by clicking on it again. Now you can install the Activeboard by clicking on the Install button on the top right corner.

A window will ask you if you are sure that you want to install the content, in this case, the Activeboard. Choose Yes, Install. After installation, the top right corner button will change to Uninstall, indicating that the content has been installed. When attempting to install an Activeboard, if one or more sources are missing, you will get a warning message letting you know that the Activeboard may not work correctly when sources are missing.

To verify that everything is working correctly, go to Activeboards in Devo's menu. There, click on the Activeboard Manager, scroll down until you find Devo Users Tracking, and click on it. The Activeboard will open and you can verify that it displays correctly.

Installing a lookup

Lookup cards are those that contain a single lookup ready to install in your domain.

An example of a Lookup card is CDN providers.

This lookup enhances your data by providing the name of the CDN that distributes each domain. All domains can install this lookup and it can be used in queries and alerts. For example, it can tell you that the youcustomer.com domain is related to the Akamai CDN.

To install a lookup, search for it. When the card is displayed, open it by clicking on it again. Now you can install the lookup by clicking on the Install button on the top right corner.

The installation process for a lookup is asynchronous. This means that after you click install lookup, Exchange sends a message to Devo to start the install process. However, while Devo is still installing the lookup, Exchange will already show it as installed.

The same goes with uninstalling.

If the lookup already exists in the domain, but is not registered with Exchange, then trying to install it from Exchange will give an error.

Installing content packs

Content pack cards include a bundle of applications or other content to cover the needs of a specific user profile or use case. For example, if you are an AWS Administrator interested in supervising all services running in it, you may want to download the AWS content pack. It allows you to install the full bundle of AWS-related content at once: AWS Security Monitor, Alerts pack, and 2 Activeboards. Clicking install will install all the different applications and content included in the pack. The content pack includes all applications and other contents that cover the needs of your AWS-related use cases.

Content pack cards also exist when an application, Activeboard, or alert pack needs to be installed together with a lookup. For example, the content pack Attacks & Lookups consists of an Alert pack and the lookup it needs.

To install a content pack, do a search. When the card is displayed, open it by clicking on it again. Now you can install the content pack by clicking on the Install button on the top right corner.

Content pack cards include a bundle of content. Each item in a content pack must also exist in Exchange as a standalone item.

If an application or other content does not install, the content pack card will still show the Install Content pack button. As an administrator, you will need to decide what to do about the item that was not installed. The card remains uninstalled until all contents are successfully installed.

Installing alert packs

Alert pack cards gather a set of alerts that help you detect issues related to a specific area or need, and install them all at once. The sum of the alerts in a card can be considered a library. Individual alerts are not available in Exchange. If even one of the alerts in the bundle gets installed, the alert library appears as installed. This gives the administrator the freedom to decide what to do about the alerts that are not installed. In the background, each alert gets installed using the Alerts API. If an alert was already installed in the domain, it will not be installed twice.

An example of an alert pack card is the Attacks Alert Library. It helps security teams detect malicious login or authentication attempts. 

It is possible to click on the </> icon in front of any of the alerts in a pack to see the query used by that alert. 

To install an alert pack, search for it. When the card is displayed, open it by clicking on it again. Now you can install the alert pack by clicking on the Install button on the top right corner.

If all necessary sources exist in your domain, all alerts in the pack will be installed. If sources are missing in your domain when you click Install, a warning message will tell you that the alerts with no sources will not be installed.

Click Yes, Install. The alerts will be installed. If sources were missing, the message at the end of the installation will say "some contents could not be installed".

If the alerts already exist in your domain but are not registered by Exchange, an Error message will be displayed.
