Introduction
Devo is a cloud-native logging and security analytics platform used to monitor and protect organizations without the complexity, performance, and cost challenges that usually come with it.
The Devo Platform enables security and operations teams to address common use cases including centralized logging, SIEM, compliance, fraud detection, and more. The Platform includes tightly integrated applications for security and IT teams.
Devo Integration with Recorded Future
Our integration with Devo helps Devo users make informed verdicts. It ingests Recorded Future Threat Lists, CSV files containing enriched lists of entities associated with cyber threats, into Devo as Lookup Tables. Version 1 of the integration covers IP Address, Domain, and File Hash entities. This enables the following use cases:
- Alerting - The Recorded Future threat lists and the resulting Devo lookup tables can be used to detect and alert on potential security threats by correlating them with other data types ingested into Devo, for example firewall, proxy, or EDR logs.
- Alert enrichment - Threat lists also include additional contextual data about each entity, enabling enrichment of security alerts.
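As an added illustration of both use cases (not code from Devo or Recorded Future), the following Python sketch loads a constructed threat-list CSV as an in-memory lookup table, correlates it with constructed firewall, proxy, and EDR log lines, and attaches the threat context to each match. The CSV column names, log formats, field-to-entity mapping, and risk threshold are assumptions for this example only.

```python
import csv
import io
import re

# Constructed sample threat list. The column layout is assumed for this example
# and is not the actual Recorded Future export format.
THREAT_LIST_CSV = """type,value,risk_score,context
ip,203.0.113.42,89,"Reported as command-and-control infrastructure"
domain,malicious-example.test,72,"Phishing host"
hash,44d88612fea8a8f36de82e1278abb02f,95,"EICAR test file"
"""

# Constructed log lines in a simple key=value style (firewall, proxy, EDR).
SAMPLE_LOGS = [
    "2024-05-01T10:00:00Z firewall src=10.0.0.5 dst=203.0.113.42 action=allow",
    "2024-05-01T10:00:05Z proxy src=10.0.0.7 host=benign.example.test status=200",
    "2024-05-01T10:00:09Z proxy src=10.0.0.7 host=malicious-example.test status=200",
    "2024-05-01T10:01:00Z edr host=ws01 file_hash=44d88612fea8a8f36de82e1278abb02f",
]

# Which log fields hold which entity type (assumed mapping for this example).
FIELD_TYPES = {"dst": "ip", "host": "domain", "file_hash": "hash"}


def load_lookup(csv_text):
    """Parse the threat-list CSV into a dict keyed by (entity type, value)."""
    lookup = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        lookup[(row["type"], row["value"].lower())] = {
            "risk_score": int(row["risk_score"]),
            "context": row["context"],
        }
    return lookup


def correlate(logs, lookup, min_score=70):
    """Return enriched alerts for log fields that match a threat-list entry."""
    alerts = []
    for line in logs:
        for key, value in re.findall(r"(\w+)=(\S+)", line):
            entity_type = FIELD_TYPES.get(key)
            if entity_type is None:
                continue  # field does not carry an IP, domain, or hash
            hit = lookup.get((entity_type, value.lower()))
            if hit and hit["risk_score"] >= min_score:
                alerts.append({"log": line, "entity": value, "type": entity_type, **hit})
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGS, load_lookup(THREAT_LIST_CSV)):
        print(f"[{alert['type']}] {alert['entity']} risk={alert['risk_score']} {alert['context']}")
```

The risk threshold is the knob a SOC would tune: raising `min_score` to 90 keeps only the file-hash match in the sample data.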
You can view the lookup tables in the Data Management menu under the Lookup Management Tab.
A set of dashboards is also available; installation instructions are in the documentation.
You can find the integration documentation here: https://docs.devo.com/space/latest/94657134/Recorded+Future+collector