Accessing Exchange
How do I open Devo Exchange?
Provided you have the necessary permissions, you will find the option in the Navigation pane on the left.
What permissions do I need?
To access Exchange to browse content, you need the View version of the Exchange permission. However, you need to Manage version of the Exchange permission to be able to install/uninstall content in your domain.
However, certain content types have specific permissions in Devo that are also required for their installation/uninstallation via Exchange (Activeboards, Alert configuration, Lookups, and Synthetic data).
To know more about how to assign permissions to roles, visit the following article:Â Managing roles.
With this in mind, we can differentiate between the following profiles or types of users involving different scopes of access:
Admins: the typical user profile to use Devo Exchange. If you have the Admin role, you can install and uninstall content in your domain and have access to all the content you install.
Manage user: a user who has been given management access to Exchange and can install, uninstall, and access content types they have permissions for.
View-only user: if you do not have the admin role but have been given view permission over Exchange, you can only browse to check if there is something you might be interested in. When you access as a view-only user, there will be a warning at the top right of the screen so you don't get confused about not being able to install anything.
MSSP users
If you are part of an MSSP structure, you need to get the Exchange_manage and Exchange_synthetic_data policies manually assigned, even if you are an admin user. Otherwise, you will only have view-only access. Contact support if you have any problem.
Resilient access
Exchange’s robust architecture maximizes resilience and ensure adequate performance under adverse conditions, maintaining essential operational capabilities even in the event of errors.
This is achieved through a compartmentalized structure with each component type handled separately. This way if an error occurs in one of them, the rest of them will continue working as expected.
The error will be notified via message at the top right and the content related to the component affected will be visible but not accessible (neither open it nor install/uninstall it). In that case, you can freely navigate through the rest of the content without any risk of malfunctioning.
Exchange activity registry
Every action performed inside Exchange is registered in the devo.internal.audit.logs
table for audit purposes. This table collects information from all the areas of the Devo platform but the fields explained below are the specific pieces concerning specifically to Exchange (visit this article for the complete table description):
Field | Data type | Description |
---|---|---|
service |
| Name of the service or application where the action was executed, in this case: → Exchange. |
section |
| Name of the specific part inside the service where the action was executed. It corresponds to the different categories and technologies to navigate: → search, discover, allContent, forYou, mitre, useCase&data, Security, AWS, Crowdstrike, Monitoring, Authentication, Windows, Firewall, and ITOps. |
subsection |
| Name of the specific part inside the section where the action was executed. It corresponds to the sections inside the Discover category or the options to filter content by type in the rest of the categories: → Highlights, Featured, Trending, Newest, and RecentlyVisited. → all, app, Activeboard, alert, lookup, synthetic_data, pack, and use_case. |
object_name |
| Name of the specific content, for example: → Alert pack: Firewall |
action |
| Description of the action executed. For example: → get catalog, retrieve item, open, open content, update content, launch content, stop content, view content, install content, uninstall content, etc. |
Â