
Threats - AWS

About the threats area

The Threats view provides an overview of the triggered and defined alerts in your domain.

When an alert is triggered in your domain, it is registered here as a detected threat; a defined threat is an alert you have defined, together with its triggering conditions.

This area contains all the alerts across Devo: those from the Alerts view, from SecOps, and from AWS.

Installation process

Exchange alert pack: AWS

To use this application successfully, we recommend installing this alert pack via Exchange.

Threats detected

Threats data

Threat detections within the Devo 360 for AWS Application deliver full information on each alert, with descriptions, recommendations, and links to the MITRE ATT&CK Framework. This gives analysts the full context of each AWS infrastructure alert for informed analysis of the threat story. Threat detections include:

  • Why the event was created

  • Timeframe of the alerts in the event

  • Prioritization of the event

  • Links to AWS reference information

  • Links to MITRE tactic and technique information

  • Threat source information

  • Detailed alert and event activity log

Triggered threat table

Selecting a threat definition in the Threats Triggered table provides extensive details on each triggered alert, organized into the following tabs:

Overview

Contains information on why, what, when, where and how the alert was triggered, the alert priority, dates, status, and actions.

Timeline

Plots the alerts triggered on an interactive timeline.

Queries

Provides the query that feeds the alert, which you can copy to your clipboard for further use.

Geolocation

Plots the location of events on an interactive map.
