With the overwhelming amounts of data, security teams need dynamic, real-time visualization capabilities to quickly make sense of the data they need to manage so they can take action where needed and convey the status of their security posture.
Devo makes these objectives easy to accomplish using Activeboards.
Devo Activeboards are intuitive, interactive dashboards that enable users to easily visualize, interact with, and explore their data. Powered by data queries, users can easily configure displays within minutes by dragging and dropping customizable widgets into an Activeboards window. A variety of chart and value-based widget types are available, which give users the ability to observe key aspects of their data so they can make informed decisions about the information they are gathering, which helps them gather metrics, track incidents, and identify potential threats, which increases efficiency and productivity in the SOC while strengthening security across the organization.
Due to their ease of use and portability, Activeboards are also available as out-of-the-box content on Devo Exchange. Devo Exchange is a vibrant community-based marketplace full of valuable content that customers can browse, install and manage with push-button simplicity. Users have access to this wide range of Devo-curated content created by our experts, partners, and the global security community.
Devo’s SciSec Team Shares Content via Activeboards
Devo SciSec, our team of security researchers and data scientists, arms customers with expert-built detections that augment security analysts and empower them to rapidly respond to industry-wide incidents.
The SciSec team has released their first installment of Activeboards into Devo Exchange.
SecOps Executive Overview Activeboard
The SecOps Executive Overview Activeboard provides a high-level summary of common SecOps alert and investigation metrics. This includes overviews of an investigation’s current status, alert times-to-react, the percent of actioned versus unactioned alerts, and a list of recent alert actions.
Utilizing the speed of the Devo Platform, security teams can leverage this Activeboard to view these metrics in real time, giving teams the visibility they need to make improvements based on the insights they obtain, which helps them improve the strength of their security posture.
Data Source Monitoring Activeboard
The Data Source Monitor Activeboard reports metrics on the Devo domain’s data sources. After selecting an object, the Activeboard flags tables that have a significant decrease in ingestion. In addition, users can observe monthly data volumes and hourly volume breakdowns, plus new and missing hosts, users and firewalls.
With its ability to display multiple datasets, the Data Source Monitor Activeboard gives security teams instant access to data within the Devo Platform in an easy-to-visualize format. This enables users to make decisions about how they manage these data sources while helping them quickly identify patterns and abnormal behaviors across the entire attack surface.
Access SciSec Activeboards on Devo Exchange
The SecOps Executive Overview and Data Source Monitoring Activeboards are available for our customers on Devo Exchange today.
For additional SciSec content, including threat research blogs, alert packs, and the latest detections, please refer to Devo Exchange and the Devo Connect user community.
For the latest updates on Devo Activeboards in the 7.15 Platform release, including the new time-lapse widget, please refer to the Devo documentation.