
Release Notes

January 11, 2021

v6.7 Brings Usability Enhancements to Data Search

We’ve streamlined the time zone selector in the download search data window so you only have to select the time zone once (instead of twice). We also added a time offset to the listed time zone to make it clearer.

Lookups Made Easier!

We made creating Lookups easier by no longer requiring a description field.

New Function and New Fields

A new function has been added to Data Search that allows you to check if a field is empty when you select it. Learn more.

New fields are now available in Data Search, including the raw message.

These new fields are available in both free text query and the query editor. Learn more.

November 21, 2020

6.6 brings Alerting improvements

Create & Manage Alerts directly with LINQ

For better integration with SOAR solutions and other 3rd party applications, we introduce the new Alerts API with full LINQ syntax so you can create, delete, and modify Alerts directly with the API. This new feature is in Beta; contact Devo Support to get access to it.

We also improved Gradient and Deviation alerts: you can now use the Gradient & Deviation algorithm on any numeric column, even if the query contains multiple aggregation functions. Learn more

Lastly, to improve traceability for API calls, a user will be assigned to every key pair (API key, API Secret). Learn more

October 14, 2020

6.5 brings Activeboards enhancements, including PDF reports

In addition to sharing Activeboards with other users, Devo now makes it easier to share data from Activeboards with co-workers who don’t have access to Devo.

Share data from Devo with others!

Now you can share your data from Devo by publishing printable PDF reports from Activeboards.

Or share it by exporting from Activeboards widget to CSV. Learn more

Get the exact time you want with the Date picker

It’s easier to get the exact time range you want with new date operators in the Date Picker. This also includes new operators such as: snap-to, forward, backwards, set, and more (all examples in docs.devo.com). Learn more

Refresh all your widgets

This new feature allows you to refresh all widgets in an Activeboard independently of the grouping period any single widget has. Learn more

September 23, 2020

Devo Security Operations Q3 Release

The Q3 2020 Security Operations release introduces several new features and content to improve analysts’ effectiveness and improve SOC operations. Details of all updates can be found below and product documentation can be accessed here

Dynamic Visual Analysis

Overcome barriers of analyzing volumes of data with interactive, automatically built views.

  • Surface threats by visualizing the clustering of entities by impact, producer/consumer ratio (PCR), and entity social connectedness (consists of # of outbound connections and associated relationships).
  • Achieve immediate situational awareness through an entity graph mapped and geolocated.  Prioritize where to investigate based on magnitude of risk (based on the count of alerts and investigations – color coded) for a specific location, the impact score of an entity, the priority and count of alerts, and ongoing investigations in the geo.
  • Visually identify entities behaving differently than their peer groups or their roles via visual indicators flagging entities whose behavior is abnormal relative to its previous classification category. E.g. when a server is behaving like a client.
  • Visualize the blast radius of an attack by analyzing the ‘reach’ from an affected entity via determining the distance between two entities.
  • Explore the entity graph reactively via alerts and investigations already generated or proactively for hunt activities and seamlessly integrate findings into an investigation.

ML-Powered Analytics

Find hidden signals and understand behavioral change using Devo’s entity models and also characterize and detect malicious domains. 

  • Security-focused ML models leverage the Devo query engine and modeling capability of the Devo platform. 
  • A new ML model classifies, predicts, and characterizes hard to detect malicious domains.
  • Several models classify entity behavior changes over time in the same way a social network behaves conceptually:
    • “Me”: compare a user to the user’s behavior over time
    • “We”: compare a user to the user’s cluster over time 
    • “Us”:  organizational cohort analysis over time

Analyst-centered Investigations

SecOps speeds analysts’ investigations through the use of a practitioner-tailored workflow and integrated automation, reducing workload for analysts and improving their performance.

  • Quicker alert disposition with the ability to update multiple related alerts at the same time (e.g. mark as unread, watched, closed) and add confidence tags (true positive, false negative, positive not actioned) and custom tags during alert triage. 
  • The new Evidence Bucket enables analysts to move back and forth between alert triage, investigation, and hunting views and provides a common mechanism for capturing all the evidence they want to add within an investigation.  
  • In addition to auto-enrichment of entities after investigation creation, on-demand enrichment is now available. Enrichments can be added through the Evidence Bucket, from within an already created investigation and during a hunt. 
  • Run-from-anywhere alert definitions, investigation queries, and hunting filter history to quickly investigate or hunt. 
  • During triage, check MISP Sightings to determine if a suspicious entity has ever been seen by your MISP network before.
  • Download any investigation as a formatted report to use for reporting, after-action discussions, or as evidence submission.
  • Investigation super-timeline makes it clear who did what for each investigation. Queries, artifact analysis, enrichments, and comments are all laid out on a single timeline.
  • Secure audit log for all actions across all platform APIs and SecOps application

Additional Integrations

SecOps seamlessly integrates methods of enrichment, analysis, and investigation from your security ecosystem, reducing the number of consoles and quickening the analyst’s investigation pace and effectiveness.

  • Capture and investigate evidence across endpoints with new support for CrowdStrike and Carbon Black APIs.
  • Enrich investigations with greater context with new support for: Anomali, ThreatConnect, DomainTools and Greynoise. 
  • Analyze files and capture findings with new sandbox support for: Blueliv, CrowdStrike, and VirusTotal.
  • Read files from S3 buckets that include captures from Corelight or Endace.
  • Increased network traffic visibility through Corelight NTA, Palo Alto Cortex, and Fidelis command post.
  • Respond using integrated SOAR capabilities with Palo Alto XSOAR, Swimlane or investigation forwarding to your SOAR of choice.

Expanded Visibility and Alerting

Increase Signal Detection coverage and visibility, decrease alert noise to find hidden signals more efficiently.

  • Hunt with more context through the usage of lookup enrichments and filters to tune the result set into your exact set of outcomes.
  • Global whitelisting capability for instituting tribal knowledge into alerting context.
  • Expanded user agent string analysis enables refined entity definition.
  • Increased statistical analysis, context lookups, historical and dynamic contexts in alert definitions.
  • Impact-measured entity scoring integrated within alerting details enables analysts to know what Devo knows about how much the network would suffer from the removal or compromise of an entity.
  • More content for Alert types: Models, Analytics, Observations and Detections.
  • The Devo Threat Data Service now supports streaming analysis of all MISP indicators at massive scale.

August 3, 2020

Updated JSON parsing and more arrives in 6.4 release

Updated JSON Parser

The updated JSON parser in 6.4 makes parsing data at query time much faster by allowing multiple selections.

Save even more time by using the updated JSON parser to map specific data types before data extraction, instead of going back and adding the data types after. Learn more


Time Series Anomaly Detection Widgets

Now do Time Series Anomaly Detection directly in Data Search using the new TSAD functions in the Data Search UI. Learn more

Historic Lookups

Query lookups now also consider time when enriching a column’s data. Users can enrich data using either the last value of a given key or the corresponding value at a specific time, for example “the value of this ID before April 12th 2020”. Learn more
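Why the distinction matters for investigations, as an added Python sketch that is not Devo code or LINQ: enriching an old event with the latest value of a key can attribute it to the wrong asset. The `HistoricLookup` class, the lease table and the events are constructed for illustration, and the inclusive "as of" boundary is an assumption.

```python
import bisect
from datetime import datetime, timezone


class HistoricLookup:
    """Key -> value lookup that remembers when each value took effect."""

    def __init__(self):
        self._times = {}   # key -> sorted list of effective-from timestamps
        self._values = {}  # key -> values aligned index-for-index with _times

    def add(self, key, effective_from, value):
        # Keep both lists sorted by time so entries may arrive out of order.
        times = self._times.setdefault(key, [])
        values = self._values.setdefault(key, [])
        i = bisect.bisect_right(times, effective_from)
        times.insert(i, effective_from)
        values.insert(i, value)

    def latest(self, key):
        """Last known value of the key, regardless of event time."""
        values = self._values.get(key)
        return values[-1] if values else None

    def as_of(self, key, when):
        """Value in effect at `when` (inclusive), or None if none existed yet."""
        times = self._times.get(key, [])
        i = bisect.bisect_right(times, when)
        return self._values[key][i - 1] if i else None


def utc(y, m, d, hh=0, mm=0):
    return datetime(y, m, d, hh, mm, tzinfo=timezone.utc)


# Constructed sample data: one IP address reassigned between two hosts.
LEASES = [
    ("10.0.0.15", utc(2020, 4, 1), "hr-laptop-07"),
    ("10.0.0.15", utc(2020, 4, 12), "build-server-02"),
]
# Constructed sample events: (timestamp, source IP).
EVENTS = [
    (utc(2020, 3, 15, 9, 0), "10.0.0.15"),
    (utc(2020, 4, 10, 14, 30), "10.0.0.15"),
    (utc(2020, 4, 20, 8, 5), "10.0.0.15"),
]


def build_lookup(leases):
    lookup = HistoricLookup()
    for ip, start, host in leases:
        lookup.add(ip, start, host)
    return lookup


def enrich(events, lookup):
    """Return (timestamp, ip, host_at_event_time, host_latest) per event."""
    return [(ts, ip, lookup.as_of(ip, ts), lookup.latest(ip)) for ts, ip in events]


if __name__ == "__main__":
    for ts, ip, then, now in enrich(EVENTS, build_lookup(LEASES)):
        print(f"{ts.isoformat()} {ip} at-event={then} latest={now}")
```

The 10 April event resolves to `hr-laptop-07` with the time-aware lookup but to `build-server-02` with a last-value lookup, and the March event has no owner at all.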


Other Updates and Fixes

  • Autoparser now has support for IPv6, MAC, timestamp as datatypes, and available for my.upload tables
  • Activeboards can now be shared from parent domains across child domains
  • Queries downloaded to email or S3 can now be cancelled when “Cancel Query” function is selected from Query Management screen
  • The tag “my.blend” has been replaced with “my.parser” for union tables, and new tag “my.tech” specifically for data from “my.app” tables

June 16, 2020

Query improvements arrive in v6.3.3

Query improvements

Devo makes it easier to pull back only the fields you want by giving you the option to show all available fields in a table before executing a query. Click “Show Table Fields” in Free Text Query to peek at the available list of tables, then select only the fields you want. Learn more

Other Updates

  • Better specificity in Data Search by editing the values in the OR-Selector and creating new values manually. Learn more
  • Better resource management by only updating running queries list on demand in the Query Management screen. Learn more

March 27, 2020

Role Based Alert Management arrives in v6.3

Role Based Alert Management

Devo now allows users to define view/manage permissions for alerts. Admins can do this via the Roles Management section of the UI. This means users will be granted permissions to define and view alerts for ONLY the category to which they have access. Learn more


Bug Fixes & Other Updates

  • New operation weaktoktains() added to improve the case insensitive search of tokens. Learn more
  • Fixed issue with email templates in multi-tenant deployments
  • Redesign for Autoparser UI to handle longer events
  • Fixed Free Text Query error when pasting text from clipboard into empty Free Text Query box
  • Fixed ability to cancel queries that are set to email results or download to S3
  • Fixed issues with India time zone

March 2, 2020

Activeboards Improvements now available in v6.2

Activeboards Improvements

  • Snap-to-Time available in the Calendar Selector; this snaps the “from time” to the unit indicated.  We’ve made it easier to narrow down the timeframe you are looking for. Learn more
  • Jump from Activeboard to data search with Go-To-Query option.  Dive deeper into the interesting data in your Activeboard by going directly into Data Search for more context and correlation. Learn more
  • Devo now allows users to categorize Activeboards by using tags.  Users can define new tags, then filter by tags. We’ve made it easier to find the Activeboards you are looking for, and for other users to find Activeboards you have created.  Learn more
  • It is now possible to mark Activeboards as favorites, and set an Activeboard as “Default.”  Now you can set your favorite ActiveBoard to default – so it’s always the first one to load up.  Learn more

Other Updates

  • Autoparser improvements: no longer necessary to name the excluded columns, and clicking “refresh” populates subtypes.  We’ve streamlined the autoparser workflow so you can get to your data faster.  
  • Lookups on a single key can now return an entire row in JSON format.  We’ve made it easier to pull back all the data you are looking for by allowing the entire row instead of just a single field.

December 19, 2019

Multi-tab support arrives in v6.1.0

Multi-tab support

It is now possible to open and use Devo in multiple browser tabs or windows enabling greater flexibility when using Devo.

Autoparser Updates (beta)

The autoparser feature introduced in v6.0 has expanded capabilities in v.6.1. It now supports JSON formatted data columns, either as a JSON data type or string. Also introduced in this release is the ability to undo and remove a parser that was created for the given table. Additionally, arrays, IPv6 and MAC addresses are now automatically detected by the tool. Note: This feature is still in beta. Learn more

Alerts Updates

Users with the correct permissions can now reset the total count of unread alerts in their domain. Also, the tooltip provided on the side bar has been redesigned to include the number of new alerts that are unique to the user and how many unread alerts there are in the domain. Learn more

Bug Fixes and Other Updates

  • Error handling is improved for cases when Slack delivery methods are configured with invalid parameters 
  • The operations drop-down menu in data search is now properly displayed when the operations window is small
  • After running a free text query the saved table column layout is now preserved
  • Saved table column layouts now override any current selected columns from the show/hide columns option
  • The correct error message is now displayed when an invalid IPv4 address is specified in a query
  • Error handling is improved for cases when a non-JSON data type is used as an argument for a column operation that requires a JSON data type
  • Activeboards table widgets now always display years using four digits
  • Activeboards table widgets configured with top row limits are now displayed properly when there is no data returned by the widget’s query
  • Authentication tokens now function properly when the target table name has upper case letters

November 6, 2019

New features now available in v6.0.0

JSON Parsing

Users can now easily gain insights from JSON formatted data with just a few clicks. Within Data Search, JSON formatted data columns can be pretty printed by hovering over a JSON data field and pressing “P” on the keyboard. From here, the user can then select a key/value pair and create a new column containing just the values for that key/value pair. This functionality is also available via the REST API and Activeboards. Learn more

Automatic Parsing of Logs (beta)

Parsing unknown or custom log formats can now be accomplished by users with point-and-click ease. To get started, within Data Search navigate to a table that is not parsed and select the Autoparser option. Presented to the user is a suggested parsing scheme based on an analysis of a sample of the events in the table. The user can modify any of the suggestions as needed. For each identified data field the user then supplies a name of their choosing, the data type, and confirms the settings. Previously ingested, and all future logs stored in this table will now be parsed based on this parsing scheme. Note: This feature is in beta and currently only detects delineators for separator-based logs and only supports events stored in my.app tables. Learn more

Role Management Updates

Managing Devo roles has been simplified, allowing administrators to quickly provision and understand what permissions each role has thanks to a new configuration page that groups role permissions by category and whether they have view or manage rights. Learn more 

Alerts Improvements

A number of improvements have been made that make it easier for users to gain insights from alerts in Devo. 

  • First up, in the alerts list, users can now visually determine if an alert is new to them, denoted by the new tag, and now if any user in the domain reads an alert its status changes from unread to watched, making it clearer if someone else has looked at it.
  • Alert emails can now be configured to include, as a CSV attachment, a selectable number of events that caused the triggering of an alert. 
  • The priority of an alert can now be set during alert creation and the process for changing the priority of an existing alert has been streamlined. 
  • Lastly, it is now possible to enter multiple annotations for an alert without error. 

Activeboards Updates

A number of usability improvements have been made in this release. The biggest change is that users, without requiring administrative privileges, can now share Activeboards with any other user who has the same role permissions. Additionally, the owner of an Activeboard can select whether the users they share an Activeboard with will have view and/or edit permissions. 

Other Activeboards updates include: 

  • Data table widgets can now be configured to always display a specific number of rows and the default sort of the table can now be set.
  • Line chart data points are now auto-filled with the value of zero when the query’s grouping period returns no data.
  • Several updates were made to improve Activeboard’s resiliency and performance.

Other Updates

Open ID Support

Open ID is now a supported authentication mechanism and as an option new users can be automatically registered during the initial authentication process. Learn more 

New Data Operations

New domain manipulation operations are now available making it easy to extract pieces of a domain including the top level, sub, and root domains. Learn more

Look and Feel

There is a revised look and feel of the login, signup, and home page.

August 6, 2019

New features now available in v5.5.4

Server-mode Query

Queries that are built in the UI can now be run server-side. In previous releases, the web browser carried out some of a query’s calculations in addition to the server. Within Data Search you can now select whether a query runs with server mode on or off. Off is the existing and still default mode. This option is selectable per query. 

When should server mode be used? If you experience degraded browser performance while executing queries with high cardinality and/or variability in the grouping keys, or queries that require computationally heavy calculations, running with server mode on may help. It is otherwise recommended to continue running queries using the default, server mode off setting.

If desired, a user can make server mode on the default behavior for all queries by enabling it in the user preferences section. Learn more

Additional related changes: 

  1. The double grouping Linq syntax is no longer required. A single group every statement can now be used.
  2. All column operations against aggregated results are now possible. For example, after grouping your query results you can now create a new column to enrich data.

CyberChef Integration

CyberChef can now be invoked directly from Data Search. CyberChef is an open source app that enables analysts to easily manipulate data. For example, a user can select a piece of data from Data Search and perform a number of basic and advanced data operations and build recipes that can be saved and reused. Learn more

 Quick tip: To copy a piece of data from Data Search into CyberChef, just press “c” on the keyboard. Learn more about CyberChef here: https://github.com/gchq/CyberChef

Custom Drill Downs

Customizable, contextual drill downs are now available in Data Search. These drill downs enable users to easily pipe a piece of data from Devo to an external service. For example, instead of manually copying and pasting domain names into a whois service, a drill down can be configured to pass the domain name to a whois service and the result displayed in a new window. Drill downs can be configured by admin users in the Global Preferences section. Learn more

Retrieve Query Results via S3 or Email

Optionally, query results can now be retrieved from an S3 bucket or directly via an email. In either case, the user will be alerted via email, either with a link to an S3 bucket to retrieve the .zip or with the results directly attached. Learn more

Other Updates

  • Free Text Query can now be enabled for non-admin users and queries run from here will only return results for tables the user has access to.
  • In the create column dialogue box it is now easier to specify whether case sensitivity is desired for a given operation. There is also a user and global preference to configure the default setting.
  • Time Series Report (in beta) allows users to generate a report that analyzes and provides insights into a series of data – either counts of aggregated results or a selected numeric value. This option can be found in Data Search settings > query info. Learn more
  • A new map visualization called Pew Pew enables users to visualize the flow of information from one coordinate to another. Learn more
  • Vertical applications can be opened in a new tab directly from the application menu.
  • Several new column operations are available related to networking, IP address conversions, and geolocation.

June 18, 2019

Devo Activeboards now available in v5.5.3

Previously available in beta under the codename Morpheus, Devo’s next-gen dashboards, Activeboards, are now generally available. Activeboards enable users to visualize and interact with their data in a highly intuitive and real-time way. These release notes cover the major changes between beta and GA versions.


Auto-refresh can be enabled at the Activeboard or individual widget level. When enabled, the entire Activeboard or specified widgets will refresh at the defined grouping period that’s specified in the query associated with each widget. When enabled the widgets display the auto-refresh indicator. Learn more

Relative interval dates

Preset date intervals (from seconds to years) can be selected at the Activeboard and individual widget level. Selecting an interval period allows you to quickly visualize and interact with data from a specific period of time, including up to the present in real time. When an interval period is selected at the widget level, an indicator will be displayed indicating a custom period has been defined. Learn more


Activeboards sharing and edit controls

Sharing an Activeboard is as easy as checking a box, which makes it available to all users in the domain. Additionally, Activeboards can be marked as read-only or editable allowing you to collaborate on your Activeboard with others in your domain should you want. Learn more

Widget acceleration

After adding a new widget to an Activeboard, it may be eligible to be accelerated (via an aggregation task) and if so will display an indicator. When an aggregation task is used, the speed of the query can greatly improve, so the widget displays information more rapidly. Learn more


Other improvements

  • Limit and offset commands are now available when writing a query for a widget. Limit allows you to retrieve just the first N records of a search. This is useful if you want to see a sample of data. The offset command allows you to skip ahead a number of records in your search. Learn more
  • The upper option bar has been reorganized to improve usability and it is now possible to easily open an Activeboard in a new tab.

March 27, 2019

Devo Delivers Query Lookups, Performance, and Usability Improvements in v5.5

Query Lookups

Devo now supports creating lookups based on the results of a query. These powerful and flexible new lookups consist of two types: static and dynamic. Static query lookups contain a snapshot of a query’s results during a fixed time period. In contrast, dynamic query lookups contain key-value pairs that, once added, are continually updated based on the lookup’s moving window of time.  Learn more


There have been several usability and feature updates made to alerts. Slack is now available as an alert delivery method. You only need to create a webhook in your Slack workspace, then the set-up in Devo is a breeze.

Some small but sweet updates: Now you can search and filter all of the alerts that have been created in the domain. Also, alert owners are now listed in the alerts table so, for example, you can search for the alerts that you created. Several internal improvements have also been made to make alerting more stable and to improve the overall user experience. Learn more

Case Insensitive Index Operations

Devo’s indexing technology is now more flexible – it is possible to search for data, in a case insensitive way, using Devo’s highly optimized index through the use of new case insensitive operations. Operations include: has, in, and equals. When searching for data using the now available case insensitive operations case insensitive searches are substantially faster than before. Learn more


Column Layout

Building on the column selector capabilities first delivered in v5.4 it is now possible to reorder the columns via drag-and-drop functionality and also view the data type for each column. This makes visualizing data the precise way you need much more efficient. Learn more

Other Improvements

  • Scrollable data search view – It is now possible to horizontally scroll across the data search view using the browser’s scroll-bar or mouse gestures.
  • Query progress indicator – Users can now view the progress of queries directly in the UI.
  • Data search settings – Admins can now configure parameters to tune the data search behavior and deliver the best experience for their users.

November 22, 2018

Devo Improves Usability and Adds New Alerting Capability in v.5.4

Column Selector

It is now possible to select the columns to display prior to displaying a table. Additionally, the column layout is now easier to customize after a table has been opened. This is a usability update that makes it easier to display tables that have a large number of columns. Learn more

Save Cross-Graph Diagram as a Widget

Cross-graph diagrams are a powerful visual analysis tool. They enable users to visually perform data correlation analysis across different tables in a single, easy-to-understand diagram. In v5.4 it is now possible to save cross-graph diagrams as a widget. These widgets persist a given cross-graph diagram between sessions. Saved widgets are available in the Finder Screen, next to the Favorite Queries section. This is a usability update to ensure cross-graph diagrams don’t need to be recreated after configured. Learn more

Rolling Window Alerts

A new type of alert, the rolling window alert, is available starting in v5.4. With this new alert type it is possible to create an alert definition that will, with a defined periodicity, look back over a specified period in order to generate an alert. This is a new feature that allows finer control over how alerts are generated over a period of time. Learn more
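What a look-back period longer than the evaluation period buys a detection, as an added Python sketch that is not Devo's alert engine or syntax: a burst that straddles a fixed window boundary is split in two and missed, while a rolling evaluation sees it whole. The function names, the half-open `(now - lookback, now]` window convention, the threshold and the event times are assumptions constructed for illustration.

```python
import bisect


def window_counts(event_times, period, lookback, horizon):
    """Evaluate every `period` seconds up to `horizon`.

    At each evaluation time `now`, count events in (now - lookback, now].
    Returns a list of (now, count) pairs.
    """
    times = sorted(event_times)
    out = []
    for now in range(period, horizon + 1, period):
        hi = bisect.bisect_right(times, now)
        lo = bisect.bisect_right(times, now - lookback)
        out.append((now, hi - lo))
    return out


def window_alerts(event_times, period, lookback, threshold, horizon):
    """Evaluation times at which the look-back count reaches the threshold."""
    return [now for now, count in
            window_counts(event_times, period, lookback, horizon)
            if count >= threshold]


# Constructed sample: six failed logins (seconds since start) clustered
# around the 900-second mark, three on each side of it.
FAILED_LOGINS = [850, 870, 890, 910, 930, 950]
THRESHOLD = 5          # assumed alert condition: 5 or more failures
HORIZON = 1800         # evaluate the first 30 minutes

if __name__ == "__main__":
    # Fixed 15-minute windows: period == lookback, so windows never overlap.
    print("fixed  :", window_counts(FAILED_LOGINS, 900, 900, HORIZON))
    # Rolling: every 5 minutes, look back over the last 15 minutes.
    print("rolling:", window_counts(FAILED_LOGINS, 300, 900, HORIZON))
    print("fixed alerts  :", window_alerts(FAILED_LOGINS, 900, 900, THRESHOLD, HORIZON))
    print("rolling alerts:", window_alerts(FAILED_LOGINS, 300, 900, THRESHOLD, HORIZON))
```

The rolling definition fires on consecutive evaluations while the burst stays inside the look-back period, so downstream deduplication or suppression is worth planning for.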


Map Area Widget

New in v5.4 is the map area widget. Similar to the heat map widget, with the map area widget it’s possible to visualize data on a global map. With this new map type, the size of the data point, displayed as a hexagon, will change based on a supplied value. This new feature enables users to visualize data in a new way. Learn more


Default Time Range Displayed

It is now possible to alter the default time range of data that is displayed when opening a table. Instead of the default 24 hours, this is customizable and applies to all users in the Domain. This usability change makes it easier to access the data that’s most relevant. Learn more


October 4, 2018

Devo Adds Multiple Groupings, Enhances User Management in v5.3

Multiple Groupings in UI

It is now possible to create multiple groupings in queries directly from the UI. This avoids workarounds and reinjections that were necessary in the past. Now, in release 5.3, questions such as, “How can I calculate the standard deviation of a given set of averages?” can be added easily in the query editor window of the main query.

User Management

In release 5.3, we completely redesigned the role creation page, adding the ability to accommodate duplicate roles and including better descriptors for finer-grained actions. These refactored roles and enhancements eliminate administrative workarounds in managing the Devo environment. In addition, there is a new provisioning API to support user schema.

Security Authentication

In Release 5.3, we introduced new API Authentication tokens. Devo administrators can now create tokens restricted to a set of tables, vs. the past API key which offered access to all tables. As Devo environments grow with the need to add 100s of end users, this significantly improves the granularity of security access management.  Note, however, that the form to create the tokens remains the same – (Administration>Credentials>Http/Apiv2 Tokens)

Usability enhancements designed to handle complex scenarios

Lastly, based on user feature requests for ease of use in the UI, we’ve added the following enhancements in release 5.3:

  • Data lists can now be sorted by name
  • The Domain selector now offers a truncated list of domains to address CSS issues on long domain lists.
  • Internal email sending capability from within the Devo application is enabled.

July 4, 2018

Devo enhances User Experience and Statistical capabilities V 5.2.10

In release 5.2.10, Devo offers improvements to our user interface, new statistical operations, improvement in the way the OR selector functions, and a number of bug fixes.

Default table layout

The operation of the Domain Table layout selector has been created so admins can set up and save a Default table layout for each table across a domain, providing users in a domain with a smoother and more predictable display of tables.


New statistical operations

New statistical operations, NNAVG, NNVAR, NNUVAR, NNSTDDEV, NNUSTDDEV, provide users with different ways to calculate the Average, Variance (Biased and Unbiased) and Standard Deviation (Biased and Unbiased), without taking into account the Null values.

Other improvements

Fixes and enhancements in v5.2.10 make it simpler to use Devo. These include:

  • The Monitor widget in Dashboards has been fixed.
  • We’ve added an Odata password complexity checker.
  • The textbox in the OR selector is no longer case-sensitive and we have improved the usability when a single value is selected.
  • The Naming convention in Alerts has been standardized.
  • We have made usability enhancements and fixes to Data Search Area.
  • Devo has improved the display of menu options in the Data Search area of the user interface to accommodate new options.

June 12, 2018

Devo Advances Correlation Capabilities V 5.2.8

Cross-Search Graph Widget

The graph widget now allows users to calculate the relationship between different tables, using one or many columns to define that relationship. This takes the already powerful graph chart to a different level, simplifying the visualization of joins (inner and outer) between different data sources.

SORT In Data Search

It’s now easier to search in Devo. Customers can now sort results directly from the Devo user interface by one, many or all columns. In addition, we have improved the layout of the column header menu.

Widget to Query

Want to understand the code behind a Dashboard Widget? Now you can go to the query that generated the widget and see the code.

Mark Dashboards as Favorites

Mark your favorite dashboards so they can be accessed directly from the home page. Change your favorites to suit your needs.

New Shannon Entropy operation

Users can now calculate the Shannon Entropy measure for a given string (https://en.wiktionary.org/wiki/Shannon_entropy). This is useful, for example, in the cybersecurity space when detecting randomly-generated URLs.
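How the measure separates random-looking hostnames from ordinary ones, as an added Python sketch that is not the Devo operation itself: entropy is computed in bits per character over the longest host label, and a label is flagged only when it is both long and high-entropy. The function names, the two thresholds, the naive "drop the last label" TLD handling and the sample URLs are assumptions constructed for illustration.

```python
import math
from collections import Counter
from urllib.parse import urlsplit

# Assumed tuning values; real deployments should calibrate on their own traffic.
MIN_LABEL_LEN = 12       # short labels cannot carry much entropy
MIN_ENTROPY_BITS = 3.5   # bits per character


def shannon_entropy(text):
    """H = sum(p * log2(1/p)) over the character frequencies of `text`."""
    if not text:
        return 0.0
    n = len(text)
    return sum((c / n) * math.log2(n / c) for c in Counter(text).values())


def longest_label(url):
    """Longest DNS label of the URL's host, ignoring the final (TLD) label.

    Returns None when the string has no parseable host.
    """
    host = urlsplit(url).hostname
    if not host:
        return None
    labels = host.split(".")
    candidates = labels[:-1] or labels  # naive TLD handling (assumption)
    return max(candidates, key=len)


def score_urls(urls):
    """Return (host, label, entropy_bits, flagged) for each parseable URL."""
    rows = []
    for url in urls:
        label = longest_label(url)
        if label is None:
            continue
        bits = shannon_entropy(label)
        flagged = len(label) >= MIN_LABEL_LEN and bits >= MIN_ENTROPY_BITS
        rows.append((urlsplit(url).hostname, label, round(bits, 3), flagged))
    return rows


def flagged_hosts(urls):
    return [host for host, _, _, flagged in score_urls(urls) if flagged]


# Constructed sample URLs (reserved example domains only).
SAMPLE_URLS = [
    "https://www.example.com/index.html",      # short, ordinary label
    "http://xk2q9vz7tjw4mh8b.example.net/a",   # 16 distinct characters
    "http://aaaaaaaaaaaaaaaa.example.com/",    # long but zero entropy
    "https://accounts-login.example.org/",     # long, natural-language label
    "not a url",                               # no host: skipped
]

if __name__ == "__main__":
    for row in score_urls(SAMPLE_URLS):
        print(row)
```

The natural-language label lands only slightly below the assumed threshold, which is why entropy is usually combined with other signals rather than alerted on alone.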

April 17, 2018

Devo Improves Dashboards, Visualizations and Queries V 5.2.5


Devo customers can now create custom styles for their line widgets. Additionally, once a customer has defined a custom style for a line widget they can store the style and use it across any line widgets within their domain. A customer might use this new feature when identifying a new exception parameter. Then, you could apply this new style across historical data in the domain. Finally, we have improved the table widget in dashboards to provide filtering and ordering.


TimeZone Selector

With this release you can choose a time zone by the default browser, select a particular time zone, or select a time zone for one session. Customers can use this feature to look at data in time as it happened within the time zone, regardless of where the person(s) issuing the query is/are. This can be very useful, for example, in the world of IIoT where an operator could be in Cleveland but the machine they are operating is somewhere else in the world.


We have enabled the ability to perform OR selections directly from the column headers. Previously, to build an OR logical condition customers had to build the condition as a new column operation. Now, just clicking the OR-selector in the column headings will allow you to select, for example, one city or another, a range of IP addresses or another, and more.

March 13, 2018

Devo Improves Customer Experience with Dashboard, Data Enhancement and Alert Improvements

Export Widgets to Dashboards

Devo now supports the ability to export widgets to dashboards directly from search. This feature enables customers to create a widget in the search area and then directly export it to a dashboard. With this new feature, Devo transparently does the background work of creating the associated aggregation task, enabling you to gain insights from your data faster. This feature is available for the Voronoi, Heatmap and Line Charts; look for more enhancements to this feature, across the platform, in coming months.

Alerting Enhancements

Devo is introducing two new alerting features today:

  • Deviation Alert.
  • Gradient Alert.

When Devo is given a series of data and the deviation exceeds a defined threshold within a certain period, a deviation alert is issued. An example would be to detect the response time of a server that is significantly higher than the average of all other servers. This scenario could highlight what might be a predictable failure or a one-time anomaly.

The Devo Gradient Alert provides an alert when a value in a given period exceeds that same value in a previous period. Let’s use a use case to explain this one as well. A Devo user could be alerted when the average of a response time is 2x larger than the previous aggregation period. So, if the average in response time variance is in the 20% range, but all of a sudden jumps to 40%, a Gradient Alert would be issued.
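The two alert types described above, as an added Python sketch that is not Devo's algorithm or configuration: the deviation check compares each server with the mean of the other servers in the same period, and the gradient check compares each server with its own previous period. The server names, response times, the `k=3` sigma threshold and the 2x factor are constructed assumptions.

```python
from statistics import mean, stdev

# Constructed sample: average response time (ms) per server per 5-minute period.
PERIODS = [
    ("10:00", {"web-1": 100, "web-2": 110, "web-3": 105, "web-4": 95}),
    ("10:05", {"web-1": 102, "web-2": 108, "web-3": 310, "web-4": 98}),
    ("10:10", {"web-1": 101, "web-2": 230, "web-3": 320, "web-4": 97}),
]


def deviation_alerts(periods, k=3.0):
    """Flag a server whose value exceeds the mean of the *other* servers
    in the same period by more than k sample standard deviations."""
    alerts = []
    for label, values in periods:
        for server, value in values.items():
            peers = [v for s, v in values.items() if s != server]
            if len(peers) < 2:  # stdev needs at least two peers
                continue
            mu, sd = mean(peers), stdev(peers)
            if sd == 0:
                # Identical peers: any value above them is an outlier.
                score = float("inf") if value > mu else 0.0
            else:
                score = (value - mu) / sd
            if score > k:
                alerts.append((label, server))
    return alerts


def gradient_alerts(periods, factor=2.0):
    """Flag a server whose value is at least `factor` times its own value
    in the previous aggregation period."""
    alerts = []
    for (_, prev), (label, cur) in zip(periods, periods[1:]):
        for server, value in cur.items():
            before = prev.get(server)
            if before is None or before <= 0:  # no usable baseline
                continue
            if value >= factor * before:
                alerts.append((label, server))
    return alerts


if __name__ == "__main__":
    print("deviation:", deviation_alerts(PERIODS))
    print("gradient: ", gradient_alerts(PERIODS))
```

On this data the deviation check misses web-2 at 10:10 because the still-slow web-3 inflates the peer spread, while the gradient check misses web-3 at 10:10 because it was already slow in the previous period; the two alerts cover each other's blind spots.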

Data Enhancements

With this release, customers can now view and edit lookups directly from Devo. The lookup process allows you to add external data to an existing data table. Previously, this type of external data upload was done via a .CSV file.

Other improvements

  • Ability to copy paste the query in the tooltips
  • New L&F Contact form
  • New firstnotnull() and lastnotnull() operations
  • Ability to see your own role
  • The default role when creating a user is now “not privileges” to avoid creating wrong “admins”
  • Ability to clone dashboards
  • Ability to set dashboards as favorites

February 1, 2018

Devo Expands Chart and Global Search Capabilities V 5.1.5

Expanded Chart Capabilities

Devo Chart Aggregation is the most-used feature amongst our customers. As a software provider the first rule of product development fight club is if it’s not broke, don’t fix it, right? Right. But, what you do is listen to your customers and based on their feedback, bolster that feature. And that’s exactly what we’ve done, adding powerful new features to the chart widget to bolster its usability as a tool for Devo data analysis. In addition to the current line chart widget features, users can now:

  • Filter the values of the grouping keys in the chart itself for fast analysis without having to modify the query;
  • Configure the color and look and feel of the series;
  • Create bands to measure fluctuations.

January 9, 2018

Devo Broadens Data Delivery, Security and Search. V 5.1.2

HTTP Sending

Devo now supports sending data directly via http(s) by use of a token. This token is managed within the Devo platform from Administration>Credentials>Http tokens. With this feature, Devo users can define target tables using wildcards and have the ability to validate and centrally manage tokens with the platform. So, what’s a new use case that a Devo user might enable for their company with HTTP Sending? Mobile and IoT are good examples. With HTTP Sending users can enable log sending in any number of scenarios – for example, from an application, mobile device and any smart or IoT device. If you are interested in enabling HTTP Sending, we have included code snippets in the documentation to get you started.

Global Search

In the never-ending hunt to find nuggets of insight within data, we have made improvements to our Global Search, Search box and Event Flow management. For Global Search, in domains where Global Search is enabled, Devo now keeps search criteria when you drill down into the next level of detail of the data set. For example, it is now possible to do a search on all data and execute that same search on a subset of that original search – the search data is retained for you. Additionally, we have enabled Contextual Help within the Global Search function. With this release, within Global Search, your full search expression is shown and contextual help (a pop-up screen) is available to explain the search syntax and give you examples to complete your search.

Event Flow

Finally, we have added the ability to ensure real-time event flows as default. Within the platform a new account preference is enabled to set the default behavior for the “Real-Time Flow” preference switch. This feature is all about speed: enabling real-time event flows within queries ensures fastest access to the latest (real-time) data sets within the Devo platform. We are thrilled to be delivering enhancements to our data delivery, security and search capabilities within the Devo platform. We believe these improvements bring enhanced speed, mobile and IoT access, SSO ease of use, and search features that will drive further data insight and analysis for users of the Devo platform.

SAML Integration

Devo is committed to supporting industry standards around security and data access. With this release, Devo can now implement the Security Assertion Markup Language (SAML) standard to perform delegated authentication. SAML governs the exchange of authentication and authorization data between parties (identity provider and service provider, for example). Single Sign-on (SSO) is the most prevalent use case for SAML Integration. Customers that implement an identity provider (Google, Okta or OneLogin, among others) can now log in to the Devo platform via SSO.

October 17, 2017

Version 5.0

ASILO (Aggregation Stored in Logs)

All the aggregation back-end technology has been moved from MongoDB to Devo technology. This means that whenever an aggregation task (aka datasource or casperable) is created, it is no longer stored in Mongo but in an LT table. This represents a major shift in the architecture that will allow better scalability, performance and reliability. There is little or no change from the customer perspective, but a massive one in the internals.

New links to doc

New links to doc all over the app.

Queries tooltips (v5.0)

Ability to see query’s linq in a tooltip in favorite and last queries.

LookUp DownLoad(v5.0)

Ability to download an existing lookup as a csv.

New first steps Look and Feel

New Look and Feel of the first steps page, including links to “send your first data” and “sample data injection”. The objective is to have a clearer call to action for new customers when they first land in the app.

New finder edition mode

The edition mode has been completely overhauled to improve its usability when there is a large number of tables to manage, as it now allows selecting and deselecting multiple tables at the same time. It also implements clearer calls to action and a sleeker UI.

Sample data injection

Demo data sets are available for customers to start extracting value out of Devo as soon as possible. They will come along with a documented use case.

Odata Informative message

To avoid misuse of OData, a warning message is included in the feed creation.

New Social Intelligence interface

Total overhaul of the social intelligence pages, making it easier to use.

Copy/Paste Icon in API Key/Secret

Copy/Paste Icon in API Key/Secret to enhance usability

Alerts filtering simplified

Two levels / not three.

New query Management tool

Help domain administrators to manage the running queries.

Usability improvements in Injections

To avoid confusion when sending to other domains.

Include dots and lines in graphs

Ability to mix lines and dots in the same graph.

Automatic detection of Browser Exhaustion In Loxcope

In scenarios where the number of events is too big for a human being to read and for the browser to cope with, the app auto-adjusts.

Finder (search) improved performance (v5.0)

Improved response time when opening the “Search Data” option, so the table list appears much faster.

Other improvements

  • New Enhanced Voronoi : New capabilities and configuration options
  • UI Coherence tasks: UI improvements in empty screens, old forms removed, headers look and feel unified
  • Improvements on Windows Agent
  • Improvements to the Kafka / HDFS connectors
  • Complete technical refactor on Alerts Functionality: Bug solving
  • Menu names change: Data Search, Data upload, Data Management…

June 22, 2017

Version 4.12.4

Enhancements in graphs

A few enhancements to the graph widget have been included in this latest version. A geographical location can now be assigned by dragging and dropping the coordinates in one step, as opposed to having to include the latitude and the longitude separately. For example see below. It is also possible to assign colors to given nodes by dragging and dropping the chosen metric as follows. For detailed information please visit
https://docs.logtrust.com/confluence/docs/search-tool/additional-tools/charts/graph-diagram/how-to-create-a-graph-diagram

June 12, 2017

Version 4.12.2

Enhanced charts

The charts now offer two different styles, dark and light, along with a new set of switches to enable/disable layout settings such as the chart type and the graph options. The options are accessed by clicking on the “brush” icon in the upper right corner. Should you want to apply these settings to other charts visible at the same time, click “Apply settings to all”. Other enhancements have also been applied, for example the ability to move signals between boxes and reorder signals within the same box. And (this applies to all widgets) you can now move the widget around when you need room to operate and see the data, without losing it as happened in the past.

Refresh frequency selection button

A small improvement for panels. A selection button has been added to panels to choose which refresh frequency you want for the panel: either the grouping period used in the query or the last available period in the platform.

March 29, 2017

Version 4.12.0

OData/API feeds management

A new management area for Api and OData feeds is now available. Customers now will be able to fully manage their feeds, including filtering by feed, change their status (enabled/disabled), change their authentication type, description name, etc. Another main update and improvement is the ability to identify the feeds when they are created and select the authentication type so we can address all the different use cases from the different OData consumers.

Several improvements in chart widget usability

  • Information pop ups shown in multiple graphs opened
  • Design improvements
  • Drag, drop and order of the tags
  • Bug solved on widgets not being recoverable when they are moved off limits
  • Shortcuts to make the Mark Graphs
  • Rows selected in the data table are marked in graphs with a “flag” in “stairs” style
  • Ability to save graphs into a png
  • Order in tooltips
  • Double-clicking a graph signal (label) disables that signal
  • In graphs, when an x position has no value the line breaks instead of going to 0
  • Toolbar added in windows
  • Ability to maximize the window

PDF export in Dashboards

It is now possible to download a given Dashboard as a PDF. You can select which widgets in the dashboard will be displayed in the exported PDF.

Improvements on Send Data from Local/Dropbox

  • Support of windows file formats
  • Preview of unmatched lines during file evaluation task
  • New date formats added

New security feeds

We have added, in selected domains, new lookups that contain information about malware and fraud threats based on a given IP. This information is gathered daily from public OSINT (Open Source Intelligence) sources, providing a rich source of information that can be correlated with events, going well beyond the currently available “reputation IP” operations. For now these lookups are only activated on demand on selected domains. Should you need them activated, please contact us.

Inactivity alert

It is now possible to set up an alert when a given source is not sending data or its number of events is under a certain threshold.

February 1, 2017

Version 4.11.0

Logs upload

You can now upload files directly to Devo, either from your Dropbox account or from your local file system (with a 20MB limit). You can upload files to start using Devo or to perform one-off analyses that require no continuous data ingestion. This new feature lets you either use the current date as the event date or select a date included in the log itself, and it supports a large set of different date formats.

Default finder in User Role creation

You can now associate a Default Finder when creating a new User Role.

Lookups restriction by table

It is now possible to restrict a lookup so that it can be used only from certain tables.

Topological view with Live Tiles

A powerful new tool has been added to complement the current finder. The tool allows the creation of “panels” that graphically represent a system infrastructure, a process flow or any other relationship that needs to be represented graphically. Once this is plotted, each node of the panel can be linked with a query and/or an alert. This provides a powerful high-level tool to manage more complex architectures and their inherent relationships. Additionally, you can include live data in the panels so you can track a given metric/status for analysis or surveillance.

New operations

New operations available.

October 27, 2016

Version 4.10.0

New Graph Widget configuration capabilities + new options

A new way to set the graph up has been implemented to compose more complex representations and make it more customer friendly. Now a graph is used to configure the final graph, including the options of setting bidirectional relationships, indicating that node types are equal, and making the latitude and longitude properties more obvious. The way to introduce the metrics has also been redesigned to make it more appealing. The color of the nodes can now be changed, as well as the icon appearance.

Aliased finder

Now it is possible to define an alias for a given table and use the finder using Alias from that moment on.

Filter tables by activity

We have added the capability of hiding tables from the finder without activity for a given time period.

Improvements on ODATA

ODATA feeds have been improved with the following enhancements:
– Ability to indicate relative dates
– Ability to process in streaming
– Boolean data types added
– Fixes with some data types
– Improvements on memory usage
– Basic authentication on feeds

Secured OData feeds

The OData feeds will now have basic authentication. The default credentials will be set from Preferences > Account Preferences > API

September 15, 2016

Version 4.9.0

Multi Factor Authentication

It is now possible to enable Multi Factor Authentication (MFA) as an extra security mechanism on top of the current username and password validation. Using any of the compatible mobile applications, you’ll be prompted to enter a temporarily generated code to access your Devo account. This can be configured in Preferences, Account Preferences.

New relays creation page

The relay creation page has been simplified and improved. Additionally the non valid options (Cloud relay and Secure sending) have been removed.

New smart table headers

Some of the tables across the app have a brand new header that allows filtering and sorting at column level by clicking on either the funnel icon or the up-down arrows. The sort mechanism is particularly handy as it allows going to the last record without having to scroll down in a large set of data.

Updates in Graph widget

Now available: a new option to compute node sizes as max(sum(incoming links), sum(outgoing links)); a new setting to specify links curvature; a new map mode setting to show/hide unpositioned nodes; a new setting to specify initial mode (graph or map); numbers now use SI suffixes (K, G, M) by default; the limbo area is now delimited with a visible rectangle and a title.

My.App tables creation

From now on the my.app tables are created automatically, and the formatting emails are not sent unless this is requested proactively by the user.

Union and injections now available in all domains

The union operation as well as the data injection capabilities are now available in all domains.

September 1, 2016

Version 4.7.0

New Widget “Graph Diagram”

A new widget has been included in the product, for now only in the query area. It graphically represents the relationship between nodes of a given type, for example the relationship between source and destination IPs in a web traffic log file. Additionally, if location information is provided for each of the nodes, the graph can be overlaid on a map to get a graphical representation that adds the location value to the nodes’ relationship.

New widget “Time Heatmap”

A new widget named “Time heatmap” has been added to the product. Given a time analysis period and a time grouping, a matrix is produced in which each cell represents the density of a given value on a color scale. This new widget is available both in the query area and in the dashboard.
