
Alert Manager Add-on

Overview

The Alert Manager Add-on application is a Devo Labs tool that enables security teams to understand and manage alerts and log sources in their Devo domain. Track alert coverage using the color codes, view and edit alert definitions, create new alerts, and detect log sources currently being ingested. Here you can write alerts based on queries that use API-only functions, and write alerts with subqueries.

How can I get this application?

The application must be activated in your domain via the Applications Gallery; otherwise, you will not see it in the navigation pane. See Applications gallery to learn more.

What permissions do I need?

What you see in this view depends on your permissions. You need alert configuration permissions to access this app. Users with View permissions can access it in view mode, whereas users with Manage permissions have full access.

To access the Administration → Alert Configuration area you need to have a role with the Manage version of the Alert configuration permission.

Additionally, you need to have alerts assigned (see Assign resources to a role). You will only see alert definitions for the alerts that have been assigned, and only at the interaction level specified for them. In other words, the permission grants theoretical access to alerts, while assigning a specific alert grants the actual access.

Accessing the application

  1. Select Application → Alert Manager Add-on in the navigation pane. The application main screen is then shown.

  2. From there you can view the Alert Manager in tabs that accumulate as you use the add-on. Click each tab to see what this means.

Using the application