Mitre/SecOps lookup: SecOpsAUTHAuthorizedAccess
- Former user (Deleted)
- Borja Moro Moreno
Purpose
The SecOpsAuthAuthorizedAccess Lookup adds more whitelisting functionality to your Devo Detections from the Security Operations application by allowing them to reference this Lookup of permitted hosts, their associated users, and zone information within your authentication services. This can be used to help carve out certain hosts and users that need to be whitelisted from everyday alerts - helping to lower your false positive rate when properly configured and can help make your alerts more actionable.
Open lookup
Once you have installed the lookup, you can use the Open button at the top right of the card in Exchange to access the Lookup Management area, where you can apply filters to find it and later manage it as required. You can also access the Lookup Management area via the Navigation pane (Data Search area → Lookup Management tab).
Use lookup
After installing the lookup, you can use it in the related application mentioned above for their specific purposes. Apart from that, you can use it anywhere in the platform to enrich values when applicable. To do this, you must use the adequate syntax in queries to correlate values, as explained in this article.