Flow
What is Flow?
Flow is the Devo Platform's very own correlation engine; a step forward in our stream processing and analysis capabilities. With Flow, we can enhance cyber security efforts by integrating alert systems to prevent and alert security breaches. Flow automates data processing in real time and speeds up investigation by defining complex workflows as soon as data arrives on the platform. Use Flow to understand relationships and to aggregate, normalize, analyze and enrich event log data.
Users will be able to design complex data management flows through a really intuitive and visual interface, and boost some of the current features of the Devo application. Simply drag the required units from a wide selection of elements into the workspace and create data pipelines by connecting them. The possibilities of the tool are endless—depending on the type of units and input data selected, you can use Flow to get different results. Extracting real-time insights from your data in motion has never been this easy.Â
With the Flow Editor, define different types of sources to detect and manage threats, errors, alerts, data sharing, and much more with various Units. Once the sources have been identified, decide how to process and analyze the events by adding units to your Flow. To alert you of problems with your data, the correlation engine immediately detects the change, rejects the configuration, and continues running with the previous settings. Learn more about this in our Use Cases.
What can Flow be used for?
Creating alerts easily
The Devo platform allows users to build their own alerts based on query data. With Flow, you can define query-based alerts much easier—you only need to create a two-element flow. For example, let's say you want to define an alert that triggers under certain specific conditions and you want to receive the notifications in your email. Just create a flow adding a unit that retrieves data from a Devo query and then connect it to a unit that sends emails to a specified address. As easy as that.
Defining complex alerts that cannot be created in Devo
Flow also allows users to build alerts that couldn't be defined in Devo. Alerts in Devo are limited to the available operations to transform your query data and the existing types of alert definitions in the application (Each, Several...). In Flow, units are scriptable, so there are no limits to the type of conditions you can define for your alerts. This allows users to detect complex data patterns in a simple way.Â
Correlating information from different sources
Using the available units in Flow, you can join several data streams and correlate the information in different tables to react when the same pattern occurs in different tables. For example, you can create a flow that compares the access time to two different servers in order to detect suspicious activity. You can boost the potential of your alerts and data injections correlating data from different data tables.
Transforming your data using external information and algorithms
You can easily integrate external logic and algorithms to define complex flows. In one of the examples at the end of this article, you can see how we make a call to an external API that detects the gender of the people in a picture.
How can I access Flow?
You can access the tool by clicking the Flow Editor option in the navigation pane of the Devo platform. To enable this option in the navigation pane, you need the Own flows permission (see role permissions).
If this is your first time using Flow, or if you have no Flows open, this takes you to the Flow welcome page. Here you can find quick access to the most used functionalities in flow, including:
Create a new Flow
Open an existing Flow
Import a Flow from a JSON file
Access useful resources
Learn the basics of Flow with useful video tutorials
Go to the Flow Management Dashboard
Â