Recorded Future Integration for Devo

Introduction

Devo is a cloud-native logging and security analytics platform used to monitor and protect organizations, minus the complexity, performance and cost challenges.

The Devo Platform enables security and operations teams to address common use cases including centralized logging, SIEM, compliance, fraud detection, and more. The Platform includes tightly integrated applications for security and IT teams.

Devo Integration with Recorded Future

Our integration with Devo ingests Recorded Future Threat Lists, in the form of CSV files containing enriched lists of entities associated with cyber threats, into Devo as Lookup Tables, helping Devo users make informed verdicts. Version 1 includes IP Address, Domain, and File Hash entities. The integration enables the following use cases:

  • Alerting - The Recorded Future threat lists and resulting Devo lookup tables can be used to detect and alert on potential security threats through correlation with other data types ingested into Devo, for example, firewall, proxy, or EDR logs.
  • Alert enrichment - Threat lists also include additional contextual data about each entity enabling enrichment of security alerts.
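The two use cases above, sketched outside Devo as an added example (not code from Recorded Future or Devo): a threat-list CSV is loaded as a lookup table, firewall/proxy events are correlated against it, and each resulting alert carries the list's context. The column names (Name, Risk, RiskString, EvidenceDetails), the risk threshold, and all sample rows and events are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress

# Constructed sample threat list; column names are assumed, not the documented schema.
THREAT_CSV = """Name,Risk,RiskString,EvidenceDetails
203.0.113.7,92,5/64,Constructed: reported C2 server
198.51.100.23,40,1/64,Constructed: historical scanner
bad-domain.example,87,4/52,Constructed: phishing host
"""

# Constructed firewall/proxy events (documentation address ranges only).
EVENTS = [
    {"ts": "2024-01-01T10:00:00Z", "src": "10.0.0.5", "dest": "203.0.113.7"},
    {"ts": "2024-01-01T10:00:02Z", "src": "10.0.0.9", "dest": "Bad-Domain.Example."},
    {"ts": "2024-01-01T10:00:03Z", "src": "10.0.0.9", "dest": "198.51.100.23"},
    {"ts": "2024-01-01T10:00:04Z", "src": "10.0.0.7", "dest": "192.0.2.10"},
]

def normalize(entity):
    """Canonical key so log values and list entries compare equal."""
    entity = entity.strip()
    try:
        return str(ipaddress.ip_address(entity))
    except ValueError:
        # Not an IP: treat as a domain (case-insensitive, ignore trailing dot).
        return entity.rstrip(".").lower()

def load_lookup(csv_text):
    """Build the lookup table: normalized entity -> threat-list row."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {normalize(row["Name"]): row for row in reader}

def correlate(events, lookup, min_risk=65):
    """Alert on events whose destination is listed at or above min_risk,
    attaching the list's context fields as enrichment."""
    alerts = []
    for ev in events:
        row = lookup.get(normalize(ev["dest"]))
        if row and int(row["Risk"]) >= min_risk:
            alerts.append({**ev, "risk": int(row["Risk"]),
                           "rule_hits": row["RiskString"],
                           "evidence": row["EvidenceDetails"]})
    return alerts

if __name__ == "__main__":
    for alert in correlate(EVENTS, load_lookup(THREAT_CSV)):
        print(alert)
```

Normalizing both sides before the join matters: without it, the mixed-case domain with a trailing dot in the second event would not match its list entry.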

You can view the lookup tables in the Data Management menu under the Lookup Management Tab.

A set of dashboards is also available and can be installed by following the documentation.

You can find the integration documentation here:  https://docs.devo.com/space/latest/94657134/Recorded+Future+collector


This content is confidential. Do not distribute or download content in a manner that violates your Recorded Future license agreement. Sharing this content outside of licensed Recorded Future users constitutes a breach of the terms and/or agreement and shall be considered a breach by your organization.