Threats - AWS
About the threats area
The Threats view provides an overview of the triggered and defined alerts in your domain.
When an alert is triggered in your domain, it will be registered here as a threat detected, whereas a defined threat will be the alerts you have defined with their corresponding conditions.
This area contains all the alerts across Devo, from the Alerts view, SecOps, as well as AWS.
Installation process
Exchange alert pack: AWS
For a successful use of this application, we recommend the installation of this alert pack via Exchange.
Threats detected
Threats data
Threat detections within the Devo 360 for AWS Application deliver full information on alerts with descriptions, recommendations, and links to the MITRE ATT&CK Framework. This provides analysts with the full context of each AWS infrastructure alert for informed analysis of the threat story.​ Threat detections include:
Why the event was created
Timeframe of the alerts in the event
Prioritization of the event
Links to AWS reference information
Links to MITRE tactic and technique information
Threat source information
Detailed alert and event activity log
Triggered threat table
Selecting a threat definition in the Threats Triggered table will provide extensive details on each triggered alert. Here you will find tabs with further information:
Overview
Contains information on why, what, when, where and how the alert was triggered, the alert priority, dates, status, and actions.
Timeline
Plots the alerts triggered on an interactive timeline.
Queries
Provides the query that feeds the alert, which you can copy to your clipboard for further use.
Geolocation
Plots the location of events on an interactive map.
Â