Devo Behavior Analytics 1.6.0
RELEASE DATE: JANUARY 2, 2024
New features
Alert Whitelisting
Alert Whitelisting enables customers to attach Devo’s standard OOTB whitelisting capabilities to the alerts created as part of the behavior alert definition configuration.
The Whitelist combines the SecOpsAssetRole and SecOpsGWL lookups available from Devo Exchange (see the links below). These lookups are used with the Behavior Alert Definition and the underlying model to identify the entities involved in the detection and check that they are not within the allowlist. If the entities are in the allowlist, then the alert will not fire for that particular entity.
Devo Exchange Quick link: SecOpsAssetRole
Devo Exchange Quick link: SecOpsGWL
Risk-Based Alerting
Risk-based alerting sets thresholds for alerts within the Devo Behavior Analytics application to alert on risk events for specific entities within an organization. Risk-based alerts can be created from the Content Manager or through data search by creating alerts on the entity.behavior.risk.events table.