Original External PR
external pull request
Contributor
@j-lopezal
Contributing to Cortex XSOAR Content
Make sure to register your contribution by filling the contribution registration form
The Pull Request will be reviewed only after the contribution registration form is filled.
Status
Related Issues
Description
This Devo XSOAR v2 Integration carries over everything from version 2 and adds two new features:
Items per page: helps manage the number of Devo items (incidents, i.e. alerts, query responses) to be processed by XSOAR, to avoid overwhelming XSOAR
Custom alert table: allows XSOAR to query/process Devo data stored in the my.app.alert.info table
Use Cases
Ingest all user-defined alerts from Devo into Cortex XSOAR
Query any data source available in Devo
Manage alert processing speed of XSOAR
Run needle-in-haystack multi-table queries for threat-hunting incidents
Write results back to Devo as searchable records or alerts
Write new entries into lookup tables to be used in synthesis tables (ALPHA)
Screenshots
Minimum version of Cortex XSOAR
Does it break backward compatibility?
Must have