
Flow

What is Flow?

Flow is the Devo Platform's very own correlation engine; a step forward in our stream processing and analysis capabilities. With Flow, we can enhance cyber security efforts by integrating alert systems to prevent and alert security breaches. Flow automates data processing in real-time and speeds up investigation by defining complex workflows as soon as data arrives on the platform. Use Flow to understand relationships and to aggregate, normalize, analyze and enrich event log data.

Users can design complex data management flows through an intuitive, visual interface, and extend several of the Devo application's existing features. Simply drag the required units from a wide selection of elements into the workspace and create data pipelines by connecting them. The possibilities of the tool are endless: depending on the type of units and input data selected, you can use Flow to get different results. Extracting real-time insights from your data in motion has never been this easy.

With Flow, define different types of sources to detect and manage threats, errors, alerts, data sharing, and much more using the available units. Once the sources have been identified, decide how to process and analyze the events by adding units to your flow. If a configuration change introduces a problem, the correlation engine immediately detects it, rejects the new configuration, and continues running with the previous settings, so a faulty edit does not interrupt processing. Learn more about this in our Use Cases.

What can Flow be used for?

Creating alerts easily

The Devo platform allows users to build their own alerts based on query data. With Flow, you can define query-based alerts much easier—you only need to create a two-element flow. For example, let's say you want to define an alert that triggers under certain specific conditions and you want to receive the notifications in your email. Just create a flow adding a unit that retrieves data from a Devo query and then connect it to a unit that sends emails to a specified address. As easy as that.

Defining complex alerts that cannot be created in Devo

Flow also allows users to build alerts that couldn't be defined in Devo. Alerts in Devo are limited to the available operations to transform your query data and the existing types of alert definitions in the application (Each, Several...). In Flow, units are scriptable, so there are no limits to the type of conditions you can define for your alerts. This allows users to detect complex data patterns in a simple way. 

Correlating information from different sources

Using the available units in Flow, you can join several data streams and correlate the information held in different tables, so that your flow reacts when the same pattern appears across those tables. For example, you can create a flow that compares the access times to two different servers in order to detect suspicious activity. You can boost the potential of your alerts and data injections by correlating data from different data tables.
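The kind of correlation such a two-stream flow performs, as an added Python example that is not Flow's own code: the log line format, the server names and the 60-second window are constructed assumptions.

```python
from datetime import datetime, timedelta
from typing import NamedTuple

class Access(NamedTuple):
    server: str
    user: str
    ts: datetime

def parse_line(line: str) -> Access:
    # Constructed log format: "<ISO timestamp> <server> login user=<name>"
    ts, server, _, user_field = line.split(maxsplit=3)
    return Access(server, user_field.split("=", 1)[1], datetime.fromisoformat(ts))

def correlate_access(lines_a, lines_b, window_seconds=60):
    """Join the two access streams on user and return every pair of accesses
    (one per server) that fall within window_seconds of each other, in either
    order, sorted by the earlier of the two timestamps."""
    by_user = {}
    for a in map(parse_line, lines_a):
        by_user.setdefault(a.user, []).append(a)
    hits = []
    for b in map(parse_line, lines_b):
        for a in by_user.get(b.user, []):
            delta = abs((b.ts - a.ts).total_seconds())
            if delta <= window_seconds:
                first, second = sorted((a, b), key=lambda e: e.ts)
                hits.append({"user": b.user, "first": first, "second": second,
                             "delta_s": int(delta)})
    return sorted(hits, key=lambda h: h["first"].ts)

# Constructed sample streams, one per server (assumed names srv-a and srv-b).
SERVER_A_LOG = [
    "2024-03-01T10:00:00 srv-a login user=alice",
    "2024-03-01T10:05:00 srv-a login user=bob",
    "2024-03-01T10:30:00 srv-a login user=carol",
]
SERVER_B_LOG = [
    "2024-03-01T10:00:20 srv-b login user=alice",  # 20 s after srv-a: within window
    "2024-03-01T10:09:00 srv-b login user=bob",    # 4 min later: outside window
    "2024-03-01T10:29:45 srv-b login user=carol",  # 15 s before srv-a: within window
]

if __name__ == "__main__":
    for hit in correlate_access(SERVER_A_LOG, SERVER_B_LOG):
        print(f"{hit['user']}: {hit['first'].server} -> {hit['second'].server} "
              f"within {hit['delta_s']} s")
```

Each returned hit is the event a downstream alert unit would act on; bob is not reported because his two logins are four minutes apart.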

Transforming your data using external information and algorithms

You can easily integrate external logic and algorithms to define complex flows. In one of the examples at the end of this article, you can see how we make a call to an external API that detects the gender of the people in a picture.

How can I access Flow?

You can access the tool by clicking the Flow Editor option in the Devo application main panel. This option is not available if your user does not have the required role permissions.

Alternatively, you can access the Flow Editor as a standalone application through the URL below. Any user with the permissions required to access the Flow Editor in Devo is allowed to access this URL. You will be prompted to enter the email and password of your Devo account, and then to select the required domain if you belong to several.

https://flow-us.devo.com/

This allows users to work easily on the Flow canvas at full size, without the Devo application panel on the left.

All the Flows that you create on the Devo application will also be accessible on the standalone version and vice-versa.
