Experience the Devo next-gen SIEM in a group setting with live Q&A Register Now
Request Demo
June 12, 2018

Devo Advances Correlation Capabilities

By Sergio Bellido

Devo today delivered new capabilities supporting the graphical representation of disparate data sources and a number of User Interface improvements.

Cross-Search Graph Widget

The improved Devo Graph Widget now allows you to calculate the relationship between tables using columns (from any combination of disparate data sources) and displaying the results graphicly. Organizations could use this feature to combine data sets for analytics, applications, logs, metrics and more. How might this look in practice? Let’s say a bank wants to be able to visualize directly related information from two different sources within their infrastructure. They could use the Graph Widget to correlate the information from a proxy server and a web server by using the IP addresses to join the data sources. The Cross-Search Graph Widget would give the bank the ability to visualize and calculate the relationships between all the tables and display all the joins required across the disparate data sources in a flowchart-like environment.

Shannon Entropy Operation

We have enabled the Shannon Entropy operation within Devo. Simply put, entropy is a measurement tool. How might someone use Shannon Entropy within Devo? Let’s consider cyber attacks that make use of the generation of random URLs. Random URLs usually have higher Shannon Entropy measurements than legit URLs; therefore, being able to run Shannon Entropy against your logs might help determine whether your systems are under attack.

User Interface

We have made a number of user interface improvements in this release including:

  • Sort in DataSearch – When performing a search in Devo, customers can now sort the results, directly from the Devo user interface by one, many or all columns. Previously, to do this type of sort the tables would have to be exported to a csv file. Now this function can be done within Devo.

  • Widget to Query – Got a Dashboard Widget that is just too cool and you are dying to know the code that created it? With one click you can now go directly to the query in Devo that generated the widget.

  • Dashboards as Favorites – Let’s say end of quarter is coming up and you have some specific dashboards that you need regularly to close up the quarter. You can now highlight those dashboards to appear on your home page. Quarter over and you want to clean up your home page? Go ahead and turn them off, or leave them there – the choice is yours now.

  • Line Charts – We have added a warning pop-up if your selection criteria for a chart might pose a problem for your browser (i.e., a slow down or a crash). Additionally, you can now apply visual changes to all elements of a grouping set at once. For example, you could assign the same appearance to all incoming connections from a given IP address. This capability allows you to easily group and visualize elements with similar properties, in this case the connections from that specific IP address.

As always, please feel free to reach out to [email protected] with any questions.

Author: Sergio Bellido

Devo v5.2.8

By Sergio Bellido

Get the latest updates

Sign up to stay informed with the latest updates from Devo.

Want a live demo or have specific questions? SPEAK WITH A DEVO SPECIALIST