
Security Operations 3.0.0

New features

  • We’ve added a new widget: Investigations closed in the last 7 days.

  • We’ve rolled out the Content Manager, a one-stop shop for managing everything Security Operations-related, including alerts, lookups and capabilities.

  • The Content Delivery Service is a new capability the Devo Content team uses to provide our cloud-based customers with new alerts on a regular basis.

  • The Threat Data Service is a Kafka streaming architecture deployed in the Devo production environment. It enables fired alerts and entities to be streamed out of the entities table.

  • We have three new entity behavior models available: User Agent Distance, Client Server Model, and UBA Classifier.

  • Security Operations now provides a unique alert wizard that enables analysts to create alerts based on new threat intelligence or emerging threats.

  • Investigation now includes a new area to upload memory forensics files.

  • The Entity Dossier Battle Card is a new, detailed view of entities. It can be accessed everywhere entities can be seen within Security Operations.

  • The triage view now provides a number of new ways to group and filter alerts.

  • Security teams now also have the ability to assign users and groups to alerts and investigations.

  • Security Operations now enables security teams to add custom threat intelligence and enrichment sources. To connect to a source, you must supply its URL, path and request parameters.