Security Operations 3.0.0
New features
We’ve added a new widget: Investigations closed in the last 7 days.
We’ve rolled out the Content Manager, a one-stop shop for managing everything Security Operations-related, including alerts, lookups and capabilities.
The Content Delivery Service is a new capability the Devo Content team uses to provide our cloud-based customers with new alerts on a regular basis.
The Threat Data Service is a Kafka streaming architecture deployed into the Devo production environment. It enables fired alerts and entities to be streamed out of the entities table.
We have three new entity behavior models available: User Agent Distance, Client Server Model, and UBA Classifier.
Security Operations now provides an alert wizard that enables analysts to create alerts based on new threat intelligence or emerging threats.
Investigation now includes a new area to upload memory forensics files.
The Entity Dossier Battle Card is a new, detailed view of entities. It can be accessed everywhere entities can be seen within Security Operations.
The triage view now provides a number of new ways to group and filter alerts.
Security teams now also have the ability to assign users and groups to alerts and investigations.
Security Operations now enables security teams to add custom threat intelligence and enrichment sources. Each source is configured with the URL, path and parameters needed to connect to it.